UCSD Protected Troubleshooting



UCSD-Protected instructions can be found by googling “UCSD-Protected”.

The following is for when following those directions doesn’t work. Please double-check all the steps in the Blink guide.

Accounts:

1. Account Issues for Students
   a. Check to make sure you aren’t blocked by UCSD due to (a) a DMCA copyright violation or (b) a virus infection on your computer that trips the SNORT malware detector. Call the ACMS helpdesk at 858-534-2267 and provide them with your MAC address (this is a unique hardware identifier that is linked to your wired or wireless network card). Here’s how to find your MAC address:
      i. XP: Start > Run > type “cmd”
      ii. Vista/7: Search “cmd”, right-click, and choose Run as Administrator
         1. Type “ipconfig /all” without the quotes, and look under “Wireless LAN adapter Wireless Network Connection”
   b. Make sure your password matches.
      i. Call the ACMS helpdesk and ask them to check your password for you. If there is a password mismatch, simply go to iwdc.ucsd.edu/password, or if you go to the helpdesk, a representative from Instructional Computing can instantly change the password.
2. Account Issues for Staff and Faculty
   a. Staff and faculty accounts are handled by ACT (Administrative Computing and Telecommunications), who can be reached by phone at 858-534-1853. They can change your password, or you can simply go to password.ucsd.edu to change the password.

WINDOWS

1. Make sure you’ve checked Blink’s webpage on how to set up UCSD-Protected.
2. Issues with root certificate installation
   a. The downloadable certificate sometimes isn’t accepted. Use the registry hack here: http://www.2shared.com/file/gWpwhHIr/certInstall.html This will force the certificate in. It’s what’s used at the helpdesk.
3. Issues with software or hardware
   a. Software Issues
      i. If third-party wireless software is installed, it can be configured for UCSD-PROTECTED; however, if it doesn't work, ask the user to remove it.
      ii. Reinstall the drivers from Device Manager (devmgmt.msc).
          A note about drivers: always create a system restore point before making any changes. Do not check the "Delete the software driver for this device" button when the prompt comes up. If anything does go south, there's also the "Roll Back Drivers" option.
      iii. Disable any power saving options that may prevent connections (Device Manager > Right click Properties > Configure > Power tab). On Intel laptops, if the power settings are set to conserve battery life, the wireless chips are affected in such a way that they cannot get on protected or guest wireless even when the laptop is close to the access point.
      iv. Check the date and time and make sure they are correct. MSCHAPv2 may reject the authentication if the time/date are off.
   b. Hardware Issues
      i. If a hardware issue is suspected, booting from Ubuntu and testing the wireless may confirm the issue isn't software-related. You can purchase an external wireless USB adapter or a PCMCIA/ExpressCard wireless card.
      ii. Check if the antenna connectors to the NIC are secure. In rare instances they may come loose, and the wireless signal would decrease to an unusable level.

UCSD-PROTECTED requires a minimum of WPA encryption. If the user's machine only supports WEP, then they must log onto the UCSD-GUEST network. Have the user fill out the form located on the UCSD-wireless webpage in Blink to get No-Auth, which puts them on the Guest network and doesn't require the authentication process. Direct link: http://www-no.ucsd.edu/ono-cgi-bin/etherform/wirelessform.pl The registration page says around 2 days; according to Hostmaster, it can take more than 2 days.

OS X

Certificate installation:

1. Rename the root certificate to .cer after downloading.
2. If the user has installed the root certificate, check Keychain (search top right) and make sure the certificate is set to "Always Trust".

Certificate successfully installed but unable to connect online:

1. Make sure DHCP is set to automatic so there's no hardcoded IP.
2. Remove the saved User Profile (see picture).
3. In Keychain, remove all root certificates and reinstall them.
4. Download the latest Apple Airport Utility, which fixes many known issues, either through Software Update or directly from online (connect the machine to our Ethernet port for internet access): http://support.apple.com/kb/DL955
5. Delete the plists.
6. Macintosh HD > Applications > Utilities > Disk Utility > Repair Disk Permissions. If that doesn’t work, Repair Disk.

Deleting .plist files

1. Navigate to the /Library/Preferences/SystemConfiguration/ folder.
2. Delete com.apple.airport.preferences.plist and preferences.plist.
3. Navigate to /Home/Library/Preferences/ByHost.
4. Delete: com.apple.preference.internet.xxxxxxxxxx.plist
5. Restart the computer.

General Troubleshooting

Atheros Wireless incompatibility


There has been a common problem with an Atheros driver, where the solution is to downgrade the driver version.

Symptoms

- Limited or no connectivity on UCSD-Guest and UCSD-PROTECTED
- Can connect to home routers OK, i.e. Resnet-AP in the office
- Atheros AR9285, driver date 10/5/09, version 8.0.0.238
- Windows 7
- New laptop
- Not blocked on netapps

Solution

- Go to www.atheros.cz and download driver 7.7.0.331, date 6/9/09 (the website will say 9/6/09).
- Downgrade the driver version.
- go to the driver and make sure
- Go to Power Options in Control Panel and change the advanced settings on each and every power plan. Set the wireless adapter to maximum performance, not maximum battery.
- Go to the driver and open the Power Management tab. Uncheck "Allow the computer to turn off this device to save power."

Common Problems:

1. Failing to authenticate - incorrect AD password or disabled account: reset password / re-enable (done when reset).
2. Failing to import certificate - certain types of OS, like Vista Home Basic, fail to properly import the certificate when following the Blink page instructions. Manual installation of the certificate is required using certmgr.msc:
   a. In the Start Search box type certmgr.msc.
   b. In the list above, right-click on it and pick Run as administrator (this step did not come up as the logged-in user was an administrator).
   c. Right-click on Trusted Publishers, click on All Tasks... then Import. Click on Next, then Browse. Browse to the folder with the certificate in it, click on it, then click on Open. Click on Next. Make sure "Place all certificates in the following store" is selected. Click on Browse. Check Show physical stores. Expand Trusted Publishers, pick Local Computer, then OK. Click on Next, then Finish.
   An alternative to the above is to use Huo's regkey certificate importer located on the flash drive at the Front Desk.
3. Cert for multiple user accounts on Windows - follow the steps below to set up the certificate on all current and future user accounts on the computer.
   a. Initiate the certificate installation as instructed on the Blink page.
   b. When prompted, select Place all certificates in the following store, then click Browse.
   c. Check Show physical stores.
   d. Double-click on Trusted Root Certification Authorities.
   e. Select Local Machines, then click OK. Follow the rest of the steps on Blink to complete the certificate install.
4. Computer is too old and doesn't support WPA/WPA2 - Have the user fill out the form located on the UCSD-wireless webpage in Blink to get No-Auth, which puts them on the Guest network and doesn't require the authentication process. Direct link: http://www-no.ucsd.edu/ono-cgi-bin/etherform/wirelessform.pl. The registration page says around 2 days; according to Hostmaster, if there isn't a crush of workload it is done in 24 hours, and if it gets busy, it can take more than 2 days.
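
A scripted equivalent of the machine-wide install in items 2 and 3 above, as an added example that is not part of the original guide or the helpdesk's own importer: it checks the downloaded root certificate's thumbprint and validity window against the system clock before adding it to the Local Machine Trusted Root store. The file name and expected thumbprint are placeholders (assumptions); the real thumbprint has to come from the certificate's publisher. Run it from an elevated PowerShell prompt.

```powershell
# Added example: verify, then install, a root certificate for all user accounts.
# $CertPath and $ExpectedThumbprint are placeholders, not values from the guide.
param(
    [string]$CertPath = "$env:USERPROFILE\Downloads\root-ca.cer",      # hypothetical file name
    [string]$ExpectedThumbprint = '<THUMBPRINT PUBLISHED BY THE CA>'   # placeholder
)

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath

# 1. Refuse to trust a file whose thumbprint does not match the published one.
#    Spaces and colons are stripped so a copy-pasted value compares cleanly.
$expected = ($ExpectedThumbprint -replace '[\s:]', '').ToUpper()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint). Not installing."
}

# 2. A wrong system clock makes a valid certificate look expired or not yet valid,
#    so check date/time before blaming the certificate.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    $msg = "System clock ($now) is outside the certificate validity window: " +
           "$($cert.NotBefore) to $($cert.NotAfter). Fix date/time first."
    throw $msg
}

# 3. Add to Trusted Root Certification Authorities in the Local Machine store,
#    which covers current and future user accounts (requires administrator).
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'LocalMachine')
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
try {
    $store.Add($cert)

    # 4. Confirm the certificate is actually present after the import.
    $found = $store.Certificates | Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
    if (-not $found) { throw 'Certificate not found in LocalMachine\Root after import.' }
    "Installed: $($cert.Subject) (valid until $($cert.NotAfter))"
}
finally {
    $store.Close()
}
```

With the placeholder thumbprint left in place the script stops at step 1 and installs nothing.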

Uncommon Problems:

1. Mac Snow Leopard failing to auto-authenticate 802.1x on start.
   - User is able to connect to the encrypted network fine, but needs to manually start the 802.1x auth. We are looking into this issue with Jim, and it may be an issue related to Snow Leopard.
2. PowerBook G4 model nicknamed "Titanium" from Spring 2003, Mac 10.4
   - Failing to authenticate even after valid AD credentials were used. Old hardware not supporting WPA / WPA2 Enterprise. Testing with an external USB network card / looking into this issue further.
3. XP failing to prompt for credentials.
   - We are testing with an external USB network card and using a proprietary network manager to auto-input the username / password.
   - UPDATE: we have determined that a new install of Windows XP will work OK with the internal wireless adaptor. We are reinstalling the OS to cure the problem.
4. XP missing PEAP / EAP-MSCHAPv2 authentication.
   - Ran a registry import fix, but it is still missing the EAP-MSCHAPv2 authentication method. User is going to roll back and reinstall SP3.
5. VZAccess Manager does not support WPA2 - Close VZAccess Manager and give it a second to return control of the wireless card to the Windows connection manager.


OS and Device Compatibility

The following platforms are tested and known to work with UCSD-PROTECTED

Android 2.0+
Apple iOS 2.0.x+
Windows Mobile 6.5+

Device Name | Protected Support? | Confirmed?
--- | --- | ---
Android G1 | Yes | Yes
Blackberry Storm | no Wi-Fi support |
Blackberry Curve | only Blackberry Curve 8350i Wi-Fi support / should work |
Blackberry Pearl | only Blackberry Pearl 8120 Wi-Fi support / should work |
Blackberry 0895 | |
Blackberry 51CC | |
Blackberry 8900 | Wi-Fi support / should work |
Blackberry 9700 | has Wi-Fi support / should work |
Sony Ericsson OS | |
HTC Touch Pro/Fuze | Yes | Yes
HTC Touch Diamond | Yes |
HTC Touch Viva | |
Nintendo DSi | |
Nokia S60 Business Phone | Yes, see setup details (acsclass: UCSD-PROTECTED S60 Nokia Symbian phones) | Yes
Nokia 5800 | |
Nokia E71X | Yes, see setup details | Yes
Nokia N810 | without full PEAP support |
Nokia n82 | |
Nokia n95 | |
Palm Pre | Yes | Yes
Palm T/X | |
Palm 700wx | |
PlayStation Portable | |
PocketPC | |
ZuneHD MP3 Player | No | Confirmed