Skip to Content.

cat-users - Re: [[cat-users]] Windows Installer not working on Windows11

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive


Re: [[cat-users]] Windows Installer not working on Windows11


Chronological Thread 
    < Chronological >      < Thread >
  • From: Martin Bickel <martin.bickel AT urz.uni-heidelberg.de>
  • To: Tomasz Wolniewicz <twoln AT umk.pl>, Jens Schleede <jens.schleede AT uni-greifswald.de>, cat-users AT lists.geant.org
  • Cc: David Sandmann <david.sandmann AT uni-greifswald.de>
  • Subject: Re: [[cat-users]] Windows Installer not working on Windows11
  • Date: Wed, 31 Aug 2022 16:48:03 +0200
  • Ironport-data: A9a23:1r09zav2G2IvXd7QmsHi2z6N0OfnVN9eMUV32f8akzHdYApBsoF/q tZmKWHUPf/fa2L8KtwkPI3ioEkD7JfXyoRrGwpqr31kQ38UgMeUXt7xwmXYZn7NdJ2dECqLz Cm8hv3odp1coqr0/0/1WlTZhSAgk/nOHNIQMcacUsxLbVcMpBwJ1FQywIbVvqYy2YLjW1PW4 IuoyyHiEAbNNwBcYzp8B52r9UsHUMTa4Fv0aXRnOJinFHeH/5UkJMp3yZOZdhMUcaEMdgKOf Nsv+Znilo/vE7fBPfv++lrzWhVirrc/pmFigFIOM0SpqkAqSiDfTs/XOdJEAXq7hQllkPgy8 95xi6K/ZTslGfLhtf4wVyFBCGZhaPguFL/veRBTsOSWxkzCKyKq3vNvSUE7PIEV/ux6G24I+ fFwxDIlN0rSwbjunvTiErEq3Jl5RCXoFNp3VnVIyDjDEfcgB5rCSKbH4fdFxiV2m8ZPWPbTZ sYUbTBidhuGbxAn1lI/Ucxiw7v42yilG9FegFicv/Erxm+O8F1s3ILWLcPYR9mubtoAyy50o UqdozqlWEhCXDCF8hKO+27pm/TChzjTXIMJCKb++fNjhkHVwXYcYDUKSly/p9Gkj034Q9Y3A 0Ad5Csi67M78kCuR9/7dwC+oTuLpBMdVcFPGuk2rg2AooLW7gCCQHMPTjpMZdArnNIwRHklz FKIkcj2DDhj9rGYIU9x7Z+RpDK2YXFTMGkDIC8JTAcI59Puuo51gh+nostf/LCdzeb+JQ/Oz By2oA9hqpgJoMozzr784gWS696znaThQgkw7wTRe2uq6AJleYKoD7BED3CGvJ6sy67HFjG8U Gg4d9u2sLFSVMnS/MCZaLVTTOnwjxqQGGCE2TZS848dGyOF11PLkWp4wDx/KEptOMsedlcFi 2eN6FoLvPe/0FOAZKN6ZceOFt420aXlH9n/WZjpgjdmZ5FwcFfeujxoZAuQ0mHhnUwmnLswf 5uWGSpNMZr4Ifo3pNZVb75DuVPO+szY7T+OLXwc50j8uYdynFbPFd843KKmN4jVFp+srgTP6 Mp4PMCX0RhZW+CWSnCJr9dDfQxQdiJjXcqeRylrmgirfFoO9IYJVa+5/F/dU9I190iovr2Qr yzmBBcwJKTX3CWWc17iho9fhEPHBsoh8ShiZUTAzH6i1nw8fIvn8aEeaZYtZrg75aRlwOJrS OMGE/hs8dwQIgkrDw81M8KnxKQ8L0vDuO57F3D4CNTJV8I7GlahFx6NVleHyRTi+QLs7ZBj+ +X7jluBKXfBLiw7ZPvrhDuU5wvZlRAgdChaBSMk/vE7lJ3QzbVX
  • Ironport-hdrordr: A9a23:ViEWVqs63iwlnsX0/8YaRzOy7skDe9V00zEX/kB9WHVpm62j5q eTdZEgvyMc5wxhO03I9erhBEDiexLhHPxOkOss1N6ZNWGMhILCFvAG0WKN+UyFJ8Q8zIJgPG VbHpSWxOeeMbGyt6jH3DU=
Hi Tomasz,

today I have a test machine and can make tests myself.

You find attached our profiles after a installation on Win11 and Win10. There are no differences in both files.

I think I found the problem by checking the xml file. The section <Phase2Authentication/> is not filled with our parameters. When I manually set up eduroam and make then an export this section is filled with this parameters on Win11:
<Phase2Authentication>
<MSCHAPv2Authentication>
<UseWinlogonCredentials>false</UseWinlogonCredentials>
</MSCHAPv2Authentication>
</Phase2Authentication>

So in our setting we use PEAP with MSCHAPv2 for the normal profiles, but this parameter is missing in the xml file.

I think Win11 here makes a check and gives an error and Win10 does not make a check.

Kind regards
Martin

Am 30.08.2022 um 22:28 schrieb Tomasz Wolniewicz:
Hi,

  I am on vacation with no possibility to actually retry the problem myself.

For the second profile "eduroam® via partner" it is quite OK to give this error message. This is a Hotspot 2.0 profile installed "juts in case" someone found a network with an SSID different from eduroam but still claiming to be eduroam with a Hostspot 2.0 RCOI. Not all network cards support HS 2.0 and for such cases the installation is supposed to fail silently.

However it should not happen that the proper eduroam profile. Could you send ne such a profile, I would that a look what the problem could be and perhaps find the reason.

The other issue - the "not updated" message should not appear any more with the newly downloaded installers.

Tomasz


W dniu 30.08.2022 o 14:55, Martin Bickel (via cat-users Mailing List) pisze:
Hello everybody,

I can confirm a problem for our university with Windows 11 too. Since friday I have 4 people with such a problem in out ticket system.

In the normal debug log from one user I found:
Execute: C:\Windows\sysnative\netsh wlan add profile C:\Users\charl\AppData\Local\Temp\wlan_prof-0.xml
netsh returned 1
Profile installation error for "eduroam®"
Execute: C:\Windows\sysnative\netsh wlan add profile C:\Users\charl\AppData\Local\Temp\wlan_prof-1.xml
netsh returned 1
Profile installation error for "eduroam® via partner"

For more details I have to ask the user for a meeting.

The problem with the message "Windows 10 is not up to date" at the Windows 11 machine is gone away. I think the update from friday has fixed it.
@Jens Schleede: have you tried to download a new installer since friday? There was a thread called "Windows11 Problems​" on this list for this message.

Kind regards

Martin

Am 30.08.22 um 11:13 schrieb Jens Schleede (via cat-users Mailing List):
Hello list,

Our CAT eduroam installer does not work on Windows 11.

I have debugged the problem a bit and found the following error when the wlan profile is installed:

  PS C:\Users\User\Downloads\eduroam> netsh wlan add profile .\wlan_prof-0.xml
  Profile format error 0xE225:
  The network connection profile is corrupted.



Also the installer tells the users that their Windows is not up to date and they should upgrade their Windows10.


Best regards
Jens Schleede

--

Jens Schleede
Universitätsrechenzentrum (URZ)
Universität Greifswald
Felix-Hausdorff-Str. 18
17489 Greifswald
Germany

Tel. +49 3834 420 1423
Fax. +49 3834 420 1401


--
Mit freundlichen Grüßen

Martin Bickel
Servicebereich Cloud Solutions & Data Analytics

Martin.Bickel AT URZ.Uni-Heidelberg.DE
Tel. (06221) 54-20027

Universität Heidelberg
Universitätsrechenzentrum (URZ)
Im Neuenheimerfeld 330, 69120 Heidelberg

http://www.urz.uni-heidelberg.de
<?xml version="1.0" encoding="utf-8"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1";>
  <name>eduroam®</name>
  <SSIDConfig>
    <SSID>
      <name>eduroam</name>
    </SSID>
  </SSIDConfig>
  <connectionType>ESS</connectionType>
  <connectionMode>auto</connectionMode>
  <autoSwitch>false</autoSwitch>
  <MSM>
    <security>
      <authEncryption>
        <authentication>WPA2</authentication>
        <encryption>AES</encryption>
        <useOneX>true</useOneX>
      </authEncryption>
      <PMKCacheMode>enabled</PMKCacheMode>
      <PMKCacheTTL>720</PMKCacheTTL>
      <PMKCacheSize>128</PMKCacheSize>
      <preAuthMode>disabled</preAuthMode>
      <OneX xmlns="http://www.microsoft.com/networking/OneX/v1";>
        <cacheUserData>true</cacheUserData>
        <authMode>user</authMode>
        <EAPConfig>
          <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig";>
            <EapMethod>
              <Type xmlns="http://www.microsoft.com/provisioning/EapCommon";>21</Type>
              <VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon";>0</VendorId>
              <VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon";>0</VendorType>
              <AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon";>311</AuthorId>
            </EapMethod>
            <Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig";>
              <EapTtls xmlns="http://www.microsoft.com/provisioning/EapTtlsConnectionPropertiesV1";>
                <ServerValidation>
                  <ServerNames>radius-node1.urz.uni-heidelberg.de</ServerNames>
                  <TrustedRootCAHash>59 0d 2d 7d 88 4f 40 2e 61 7e a5 62 32 17 65 cf 17 d8 94 e9 </TrustedRootCAHash>
                  <TrustedRootCAHash>e2 24 be f6 d7 86 22 0d 26 2b b8 07 ab 6d ac f9 d3 a8 9a 93 </TrustedRootCAHash>
                  <TrustedRootCAHash>c9 dc b0 47 ac 8c 5f 09 05 ed 77 52 8c bd 4b 84 d9 46 3c 45 </TrustedRootCAHash>
                  <DisablePrompt>true</DisablePrompt>
                </ServerValidation>
                <Phase2Authentication/>
                <Phase1Identity>
                  <IdentityPrivacy>true</IdentityPrivacy>
                  <AnonymousIdentity>eduroamHDcat2019 AT uni-heidelberg.de</AnonymousIdentity>
                </Phase1Identity>
              </EapTtls>
            </Config>
          </EapHostConfig>
        </EAPConfig>
      </OneX>
    </security>
  </MSM>
</WLANProfile>

<?xml version="1.0" encoding="utf-8"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1";>
  <name>eduroam®</name>
  <SSIDConfig>
    <SSID>
      <name>eduroam</name>
    </SSID>
  </SSIDConfig>
  <connectionType>ESS</connectionType>
  <connectionMode>auto</connectionMode>
  <autoSwitch>false</autoSwitch>
  <MSM>
    <security>
      <authEncryption>
        <authentication>WPA2</authentication>
        <encryption>AES</encryption>
        <useOneX>true</useOneX>
      </authEncryption>
      <PMKCacheMode>enabled</PMKCacheMode>
      <PMKCacheTTL>720</PMKCacheTTL>
      <PMKCacheSize>128</PMKCacheSize>
      <preAuthMode>disabled</preAuthMode>
      <OneX xmlns="http://www.microsoft.com/networking/OneX/v1";>
        <cacheUserData>true</cacheUserData>
        <authMode>user</authMode>
        <EAPConfig>
          <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig";>
            <EapMethod>
              <Type xmlns="http://www.microsoft.com/provisioning/EapCommon";>21</Type>
              <VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon";>0</VendorId>
              <VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon";>0</VendorType>
              <AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon";>311</AuthorId>
            </EapMethod>
            <Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig";>
              <EapTtls xmlns="http://www.microsoft.com/provisioning/EapTtlsConnectionPropertiesV1";>
                <ServerValidation>
                  <ServerNames>radius-node1.urz.uni-heidelberg.de</ServerNames>
                  <TrustedRootCAHash>59 0d 2d 7d 88 4f 40 2e 61 7e a5 62 32 17 65 cf 17 d8 94 e9 </TrustedRootCAHash>
                  <TrustedRootCAHash>e2 24 be f6 d7 86 22 0d 26 2b b8 07 ab 6d ac f9 d3 a8 9a 93 </TrustedRootCAHash>
                  <TrustedRootCAHash>c9 dc b0 47 ac 8c 5f 09 05 ed 77 52 8c bd 4b 84 d9 46 3c 45 </TrustedRootCAHash>
                  <DisablePrompt>true</DisablePrompt>
                </ServerValidation>
                <Phase2Authentication/>
                <Phase1Identity>
                  <IdentityPrivacy>true</IdentityPrivacy>
                  <AnonymousIdentity>eduroamHDcat2019 AT uni-heidelberg.de</AnonymousIdentity>
                </Phase1Identity>
              </EapTtls>
            </Config>
          </EapHostConfig>
        </EAPConfig>
      </OneX>
    </security>
  </MSM>
</WLANProfile>

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature


Archive powered by MHonArc 2.6.19.

Top of Page