I am at a loss on this.  I've got 18 CAPWAP AP's at one facility running wpa PSK with TKIP encryption.  these MC9090 handheld units can connect with no problem.  recently we setup a remote office, also using Cisco 1252 AP's running in Autonomouse mode.  the handhelds will not connect to the remote site wireless no matter what I do.  I can use the wireless in that building without any problems from my laptop, or smartphone, but these guns just won't link up.  The only message in the guns log is that it found the SSID, tried to connect, and then timed out.  If anyone's got any suggestions i'd be happy to hear them.  below is my Autonamouse units configs.  they are meant to look just like the other infrastructure devices

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap1
!
enable secret
!
aaa new-model
!
!
aaa group server radius rad_eap
 server x.x.x.x auth-port 1645 acct-port 1646
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa group server radius local_rad
 server x.x.x.x auth-port 1812 acct-port 1813
!
aaa authentication login default group tacacs+ local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login wds-server group local_rad
aaa authorization exec default group tacacs+ local
aaa accounting network acct_methods start-stop group rad_acct
!
aaa session-id common
clock timezone CST -6
clock summer-time DST recurring
no ip domain lookup
ip domain name ...
ip name-server x.x.x.x
ip name-server x.x.x.x
!
!
dot11 vlan-name DATA vlan 40
dot11 vlan-name SERVERS vlan 4
!
dot11 ssid ...
   vlan 40
   authentication open
   authentication key-management wpa
   wpa-psk ascii
!
!
!
username ... privilege 15
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip
 !
 encryption vlan 40 mode ciphers tkip
 !
 ssid ...
 !
 antenna receive middle
 speed  basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2.
 m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
 power client local
 station-role root access-point
 bridge-group 1
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.40
 encapsulation dot1Q 40
 no ip route-cache
 bridge-group 40
 bridge-group 40 subscriber-loop-control
 bridge-group 40 block-unknown-source
 no bridge-group 40 source-learning
 no bridge-group 40 unicast-flooding
 bridge-group 40 spanning-disabled
!
interface Dot11Radio1
 no ip address
 no ip route-cache
 !
 encryption mode ciphers tkip
 !
 encryption vlan 40 mode ciphers tkip
 !
 ssid ...
 !
 dfs band 3 block
 speed  basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6.
m7. m8. m9. m10. m11. m12. m13. m14. m15.
 power client local
 channel dfs
 station-role root access-point
 bridge-group 1
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio1.40
 encapsulation dot1Q 40
 no ip route-cache
 bridge-group 40
 bridge-group 40 subscriber-loop-control
 bridge-group 40 block-unknown-source
 no bridge-group 40 source-learning
 no bridge-group 40 unicast-flooding
 bridge-group 40 spanning-disabled
!
interface GigabitEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
!
interface GigabitEthernet0.4
 encapsulation dot1Q 4 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface GigabitEthernet0.40
 encapsulation dot1Q 40
 no ip route-cache
 bridge-group 40
 no bridge-group 40 source-learning
 bridge-group 40 spanning-disabled
!
interface BVI1
 ip address x.x.x.x y.y.y.y
 no ip route-cache
!
ip default-gateway x.x.x.x
ip http server
ip http authentication aaa login-authentication default
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
logging x.x.x.x
snmp-server community ...
snmp-server location ...
snmp-server contact IT Dept.
snmp-server enable traps tty
tacacs-server host ... key
tacacs-server directed-request
radius-server local
  no authentication eapfast
  no authentication mac
  nas ... key
  user ap2 nthash
  user ap3 nthash
!
radius-server attribute 32 include-in-access-req format %h
radius-server host x.x.x.x auth-port 1645 acct-port 1646 key
02
radius-server host x.x.x.x auth-port 1812 acct-port 1813 key
radius-server vsa send accounting
bridge 1 route ip
!
!
wlccp ap eap profile rad_eap
wlccp authentication-server infrastructure wds-server
wlccp wds priority 245 interface BVI1
!
line con 0
line vty 5 15
!
sntp server x.x.x.x
sntp broadcast client
end
 

Hi insureme,

Is this problem ongoing?

"The only message in the guns log is that it found the SSID, tried to connect, and then timed out." - For connection time-outs, it may be worth increasing the WPA timeout on the AP, as Cisco IOS 12.4 default timeout is 100ms, but can be changed up to 2000ms here.

Otherwise, it may be worth checking the power settings on the MC9090s & changing from PSP to CAM (may affect battery performance tho).

HTH,

Rich

Thank you for the response.  we did figure it out though.  as it ends up the gun has a settings foe the regulatory domain using 801.11d.  by disabling support for this protocol on the guns wireless configuration we were able to connect without issue.  I'm assuming there is somewhere in the AP config you can turn this on, but as we would never use it, disabling the option to use 802.11d was a viable option for us.