Skip to Content.
Sympa Menu

cat-users - [cat-users] Hotfix applied: Institution names with ampersand; first-aid workaround for "Symantec Endpoint Protection"

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive

[cat-users] Hotfix applied: Institution names with ampersand; first-aid workaround for "Symantec Endpoint Protection"


Chronological Thread 
  • From: Stefan Winter <stefan.winter AT restena.lu>
  • To: "cat-users AT geant.net" <cat-users AT geant.net>
  • Subject: [cat-users] Hotfix applied: Institution names with ampersand; first-aid workaround for "Symantec Endpoint Protection"
  • Date: Wed, 03 Jul 2013 08:33:54 +0200
  • List-archive: <https://mail.geant.net/mailman/private/cat-users/>
  • List-id: "The mailing list for users of the eduroam Configuration Assistant Tool \(CAT\)" <cat-users.geant.net>

Hello,

we've applied the announced hotfix for institution names with an
ampersand late yesterday; please see a screenshot of a working
mobileconfig with an ampersand name, taken freshly from cat.eduroam.org.

The hotfix also includes minimal band-aid for users who have installed
"Symantec Endpoint Protection" on Windows 7 64-Bit. That product has a
bug which prevents automatic profile installation in the shell script
CAT provides. From now on, the scripts are retained in a temporary
directory and can be installed by the user invoking a minimum
command-line script *after* the installation process has failed. The
scripts needed to do that look like:

cd %TEMP%
netsh wlan add profile wlan_prof-0.xml
netsh wlan add profile wlan_prof-1.xml

(more netsh lines if you use custom SSIDs)

I would like to stress that this is due to a bug in the Symantec
product, not in the CAT software; Symantec confuses the Windows APIs to
sometimes forget that PEAP is available on the system; and naturally the
profile installation for PEAP will fail because the EAP type is
"unknown". The bug is well-known and long-standing in that product; the
best we can do is to provide this work-around - because strangely
enough, user-interactive execution of a script along the above lines
works; but not when called from within an installer environment. Yes,
this is weird :-)

More info is for example here:
http://www.symantec.com/connect/forums/how-not-install-symantec-nac-transparent-mode-eap-method-endpoint-protection

Of course, another solution for the installation failure problem is to
de-install Symantec Endpoint Protection, or at least the sub-component
which is called the EAP method "Symantec NAC Transparent Mode" which
introduces the breakage (i.e. contrary to its name, it is not
transparent at all). If you are not using Symantec's flavour of NAC
(Network Access Control) then this is probably the best option.

Greetings,

Stefan Winter

Attachment: Foto.PNG
Description: PNG image

Attachment: signature.asc
Description: OpenPGP digital signature



  • [cat-users] Hotfix applied: Institution names with ampersand; first-aid workaround for "Symantec Endpoint Protection", Stefan Winter, 07/03/2013

Archive powered by MHonArc 2.6.19.

Top of Page