none
Failing to configure EAP-TLS WLAN through MDM RRS feed

  • Question

  • Hi everybody,

    I am trying to configure a WLAN Profile with EAP-TLS, but the device is rejecting commands with status 500 for Add and 507 for Atomic . Below is a sample of what I am sending:

     
    <Atomic>     
    <CmdID>2</CmdID>      
    <Add>        
    <CmdID>3</CmdID>        
    <Item>          
    <Target>      
    <LocURI>./Vendor/MSFT/WiFi/Profile/testEapTLS/WlanXml</LocURI>          
    </Target>          
    <Meta>            
    <Format>chr</Format>          
    </Meta>          
    <Data>&lt;?xml version=&quot;1.0&quot; ?&gt;&lt;WLANProfile xmlns=&quot;http://www.microsoft.com/networking/WLAN/profile/v1&quot;&gt;&lt;name&gt;testEapTLS&lt;/name&gt;&lt;SSIDConfig&gt;&lt;SSID&gt;&lt;name&gt;testEapTLS&lt;/name&gt;&lt;/SSID&gt;&lt;/SSIDConfig&gt;&lt;connectionType&gt;ESS&lt;/connectionType&gt;&lt;connectionMode&gt;manual&lt;/connectionMode&gt;&lt;autoSwitch&gt;false&lt;/autoSwitch&gt;&lt;MSM&gt;&lt;security&gt;&lt;authEncryption&gt;&lt;authentication&gt;WPA2&lt;/authentication&gt;&lt;encryption&gt;AES&lt;/encryption&gt;&lt;useOneX&gt;true&lt;/useOneX&gt;&lt;/authEncryption&gt;&lt;OneX xmlns=&quot;http://www.microsoft.com/networking/OneX/v1&quot;&gt;&lt;authMode&gt;user&lt;/authMode&gt;&lt;EAPConfig&gt;&lt;EapHostConfig xmlns=&quot;http://www.microsoft.com/provisioning/EapHostConfig&quot;              xmlns:eapCommon=&quot;http://www.microsoft.com/provisioning/EapCommon&quot;  xmlns:baseEap=&quot;http://www.microsoft.com/provisioning/BaseEapMethodConfig&quot;&gt;&lt;EapMethod&gt;&lt;eapCommon:Type&gt;13&lt;/eapCommon:Type&gt;&lt;eapCommon:AuthorId&gt;0&lt;/eapCommon:AuthorId&gt;&lt;/EapMethod&gt;&lt;Config xmlns:baseEap=&quot;http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1&quot;       xmlns:eapTls=&quot;http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1&quot;&gt;&lt;baseEap:Eap&gt;&lt;baseEap:Type&gt;13&lt;/baseEap:Type&gt;&lt;eapTls:EapType&gt;&lt;eapTls:CredentialsSource&gt;&lt;eapTls:CertificateStore&gt;&lt;eapTls:SimpleCertSelection&gt;true&lt;/eapTls:SimpleCertSelection&gt;&lt;/eapTls:CertificateStore&gt;&lt;/eapTls:CredentialsSource&gt;&lt;eapTls:ServerValidation&gt;&lt;eapTls:DisableUserPromptForServerValidation&gt;false&lt;/eapTls:DisableUserPromptForServerValidation&gt;&lt;eapTls:ServerNames /&gt;&lt;/eapTls:ServerValidation&gt;&lt;eapTls:DifferentUsername&gt;false&lt;/eapTls:DifferentUsername&gt;&lt;/eapTls:EapType&gt;&lt;/baseEap:Eap&gt;&lt;/Config&gt;&lt;/EapHostConfig&gt;&lt;/EAPConfig&gt;&lt;/OneX&gt;&lt;/security&gt;&lt;/MSM&gt;&lt;/WLANProfile&gt;</Data>
    </Item>      
    </Add>    
    </Atomic>

    The response from device is:

        <Status>
          <CmdID>2</CmdID>
          <MsgRef>2</MsgRef>
          <CmdRef>2</CmdRef>
          <Cmd>Atomic</Cmd>
          <Data>507</Data>
        </Status>
        <Status>
          <CmdID>3</CmdID>
          <MsgRef>2</MsgRef>
          <CmdRef>3</CmdRef>
          <Cmd>Add</Cmd>
          <Data>500</Data>
        </Status>

    I found a similar case in this thread: 

    https://social.msdn.microsoft.com/Forums/en-US/7aa51e70-0403-4872-b103-57aae449bdf8/eaptls-wlanprofile-for-windows-phone-81?forum=developingmdmsolutions

    but it is still failing even after adding the authMode tag.

    I also tried escaping XML with CDATA but it is failing too.

    Any help is appreciated as I am stuck on this for many days.

    Regards

    Tuesday, March 10, 2015 5:18 PM

Answers

  • Finally it worked, it seems I had some extra spaces in my previous configuration. Moreover I dropped escaping xml in favor of CDATA tag.

        <Atomic>
          <CmdID>2</CmdID>
          <Add>
            <CmdID>3</CmdID>
            <Item>
              <Target>
                <LocURI>./Vendor/MSFT/WiFi/Profile/TP-LINK_DE3480/WlanXml</LocURI>
              </Target>
              <Meta>
                <Format>chr</Format>
              </Meta>
              <Data><![CDATA[<?xml version="1.0"?><WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1"><name>TP-LINK_DE3480</name><SSIDConfig><SSID><name>TP-LINK_DE3480</name></SSID></SSIDConfig><connectionType>ESS</connectionType><connectionMode>auto</connectionMode><autoSwitch>false</autoSwitch><MSM><security><authEncryption><authentication>WPA2</authentication><encryption>AES</encryption><useOneX>true</useOneX></authEncryption><OneX xmlns="http://www.microsoft.com/networking/OneX/v1"><authMode>user</authMode><EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">13</Type><AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId></EapMethod><Config  xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>13</Type><EapType xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1"><CredentialsSource><CertificateStore><SimpleCertSelection>true</SimpleCertSelection></CertificateStore></CredentialsSource><ServerValidation><DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation><ServerNames/></ServerValidation><DifferentUsername>false</DifferentUsername></EapType></Eap></Config></EapHostConfig></EAPConfig></OneX></security></MSM></WLANProfile>]]></Data>
            </Item>
          </Add>
        </Atomic>

    • Marked as answer by A. Slim Wednesday, March 11, 2015 8:43 AM
    Wednesday, March 11, 2015 8:43 AM