«

Hi,

I am trying to test a Microsoft Wireless Provisioning Services (WPS)
setup.

The client is a laptop with XP SP2, the access point is an Aironet 1200
and the RADIUS server is Radiator.

I have been able to get successful PEAP 802.1x authentication working
when I manually configure the XP client (i.e. using PEAP authentication
with MS-CHAPv2 with a known username/password).
By successful I mean that the 802.1x authentication completes and the
laptop gets an IP address via DHCP through which I can then access the
network at large. So I think I have the basic PEAP authentication with
a non-Microsoft RADIUS server working.

However, when I attempt to use WPS guest mode I get a problem as
follows:
1. I connect to SSID 'wps'. PEAP auth for the first time seems to go
OK and see that WLAN associates and gets IP address via DHCP.
2. Window popup asking if client can download provisioning info.
Note that the 'Download' button is inactive for 4 seconds and then
becomes active (this is mentioned in WZCDLG logs)
3. By the time the 'Download' button is active, the WLAN interface
is no longer associated.
4. I have waited variable lengths of time (up to 20 minutes) before
pressing 'Download' button but in all cases behaviour is the same. i.e.
client says it is now retrieving files. It waits for a while (1
minute?) and then does PEAP authentication to AP for a second time.
5. This succeeds and it associates again and gets IP address by
DHCP. Within several seconds it disconnects again and get error popup
saying network is unavailable.

I also noticed a DHCP event 1006 in the 'Event Viewer' on the client.
This is a DHCP warning and it occurs when the client authenticates the
second time after dropping out initially. It says it got a DHCP address
already in use and so it will shut down the interface until it gets a
proper one. However, as far as I can tell from the packet traces, it
gets an unused DHCP address so I don't know what is causing this error.

The other confusing issue is that I have had the second connection (in
step 5) stay up on a couple of occasions and then the client attempted
to download the XML provisioning files. When this happened it still
had the initial disconnection and reconnection though. But, apart from
a couple of successes my countless other attempted connections have
failed as described above.

Does anyone know the cause of this problem? Should there be an initial
disconnction as in step 3? Why might the second connection fail? Why is
DHCP failing?

I would appreciate any help.

I found the problem. The following description maybe of use if other
people have similar problems.

The first DHCP disconnection seems to be normal. The first time a
connection is made is within the function
CWZCQuickCfg::ConnectAsGuestToDiscoverWisp which disconnects once a
WISP has been discovered. The second connection is within the function
CWZCQuickCfg::ConnectAsGuestAndDownloadWispPackage which will actually
attempt to download.

The second disconnection was a problem however. The immediate reason
for the second disconnection was that the Network Provisioning Service
seemed to be confused after an earlier failure. After an earlier
download had failed, the registry key was set for the WISP under
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\xmlprov\Parameters\Domains\www.foo.com.
However, no XML files had been downloaded successfully into
C:\Documents and Settings\All Users\Application
Data\Microsoft\Provisioning\Master\www.foo.com. So when it came time
to get the provisioning data, the Provisioning Service seemed to think
it had the data (since the registry key was set) and hence wouldn't
attempt to download it again. But when it went to read the data the
files weren't there so it bailed out and disconnected (which in turn
caused the DHCP error).

The root cause of this problem was that the certificate had expired on
the web server containing the provisioning XML files and this caused
the the download to fail. However I had trouble finding out that this
was the error.
The first places I looked were the event viewer and the logs:
- The error reported by the Network Provisioning Server in the Event
Viewer was 40004 "Maximum file size constraints for domain www.foo.com
have been exceeded. The reason is 'One or more maximum file size
constraints were exceeded.'".
- The error in WZCDLG was "CWZCQuickCfg ERROR0x80004005):Connection
Failed
Unspecified error".
- The error in XMLProv was
[208] 09:50:14: /---CXmlProvJob::JobError
[208] 09:50:14: | BITS Job : {123456-1234-ABCD-DCBA-123456789AB}

[208] 09:50:14: | Invalid state [current BG_JOB_STATE : (4)]

[208] 09:50:14: | /---CXmlProvDomain::RemoveJobFromJob
[208] 09:50:14: || Queued a domain work item to remove a job!

[208] 09:50:14: | \___CXmlProvDomain::RemoveJobFromJob
[208] 09:50:14: \___CXmlProvJob::JobError
which at least prompted me to investigate BITS.

I eventually found out the error using the BITSAdmin tool since BITS is
used to manage the download. The following command showed the problem:

C:\Documents and Settings\demo>bitsadmin /list /allusers /verbose

BITSADMIN version 2.0 [ 6.6.2600.2180 ]
BITS administration utility.
(C) Copyright 2000-2004 Microsoft Corp.

GUID: {123456-1234-ABCD-DCBA-123456789AB} DISPLAY: www.foo.com
TYPE: DOWNLOAD STATE: ERROR OWNER: NT AUTHORITY\SYSTEM
PRIORITY: FOREGROUND FILES: 0 / 1 BYTES: 0 / UNKNOWN
CREATION TIME: 1/06/2005 10:43:19 AM MODIFICATION TIME: 2/06/2005
1:24:04 PM
COMPLETION TIME: UNKNOWN ACL FLAGS:
NOTIFY INTERFACE: UNREGISTERED NOTIFICATION FLAGS: 11
RETRY DELAY: 600 NO PROGRESS TIMEOUT: 1209600 ERROR COUNT: 24
PROXY USAGE: NO_PROXY PROXY LIST: NULL PROXY BYPASS LIST: NULL
ERROR FILE: https://www.foo.com/provisioning/master.xml ->
C:\Documents and Settings\All Users\Application
Data\Microsoft\Provisioning\Temp\www.foo.com.xml
ERROR CODE: 0x80072f05 - The date in the certificate is invalid or
has expired
ERROR CONTEXT: 0x00000005 - The error occurred while the remote file
was being processed.
DESCRIPTION:
JOB FILES:
0 / UNKNOWN WORKING
https://www.foo.com/portal/provisioning/master.xml -> C:\Documents and
Settings\All Users\Application
Data\Microsoft\Provisioning\Temp\www.foo.com.xml
NOTIFICATION COMMAND LINE: none

Once I updated the certificate the download workd fine and I got the
signup wizard and could make progress.