AirPennNet-Help and XpressConnect
AirPennNet-Help is a wireless network which delivers a wizard called XpressConnect to assist University of Pennsylvania students, faculty, staff, and guests with a PennKey to configure and connect their devices to AirPennNet.
Using AirPennNet-Help to configure your computer for AirPennNet
- Visit http://airpennnet-help.net.isc.upenn.edu/ available on campus through the AirPennNet-Help wireless network. After reading the important information pertaining to your device, follow the "continue to XpressConnect" link at the bottom of the page.
- Check the box to acknowledge Penn's policy on Acceptable Use of Electronic Resources, and then click start.
- Upon clicking start, the XpressConnect wizard will load and begin to scan your device to identify which steps are necessary to appropriately configure your laptop for AirPennNet. Please Note: The wizard will attempt to load automatically using a Java Applet or Active X controls depending upon your OS and browser. You may need to click the "manual download page" link and follow the on-screen directions if it does not load automatically.
- XpressConnect will go through several steps to determine your connectivity status. It may ask you, more than once, to enter your credentials for AirPennNet, which is your PennKey and password. Each time you are prompted, enter your credentials in the appropriate boxes and then click continue.
- The wizard requires elevated user account privileges to make configuration changes in your operating system. If requested, please supply your laptop's administrative username and password to continue.
- Computers running Mac OS do not require additional, 3rd-party software to connect to AirPennNet. However, most Windows computers do require additional software called SecureW2. If you do not currently have the most recent version of SecureW2 on your computer, XpressConnect will install it for you. You may be prompted to restart your computer. After you do so, the XpressConnect wizard will automatically relaunch. Click continue to carry on with the configuration process.
- On Windows computers, during the authentication step of the wizard, a bubble may appear in the lower-right corner of the screen. If it appears, click in the center of the bubble and enter your PennKey username and password when prompted and then click the "retry" button in the XpressConnect wizard.
- XpressConnect will then validate connectivity. In Windows there is the added feature that if you anticipate you would like to revert the changes XpressConnect has made to your computer later, you may click on the link on the validation screen to create a shortcut on your desktop to uninstall and revert.
- Upon completion, the following SSIDs are removed from the preferred networks list: Wireless-PennNet;AirPennNet-Guest;AirSAS;AirSEAS;AirPennNet-Help.
- Adds and trusts the root CAs for all of Penn's radius servers.
- Warns if the device's clock is incorrect (may create problems verifying the certificate).
- Redirects all http traffic to http://airpennnet-help.net.isc.upenn.edu while connected to AirPennNet-Help.
- Prompts the user to install the XpressConnect utility from the Android Marketplace (requires the user to disconnect from AirPennNet-Help, connect to an alternate WiFi or cellular network, download the utility, and then reconnect to AirPennNet-Help) or from the AirPennNet-Help server (the user may need to allow installing applications from unknown sources on the device).
- Configures the network and authentication settings for AirPennNet
- Installs the correct .mobileconfig for AirPennNet.
All Mac OS
- Prompts the user to enable the Firewall if it is disabled.
- Checks for presence of Symantec Endpoint Protection.
- If SEP is not detected, user is routed to PennKey-protected SEP download page with additional downloads and personalized support information.
- If SEP is detected, user is routed to page with additional downloads and personalized support information
Mac OS 10.4
- Prompts the user to run Software Update if OS is not 10.4.11 (or later).
- Configures Internet Connect for AirPennNet.
Mac OS 10.5
- Prompts the user to run Software Update if OS is not 10.5.8 (or later).
Mac OS 10.6
- Prompts the user to run Software Update if OS is not 10.6.5 (or later).
Mac OS 10.7-10.8
- Attempts to run through Java. If Java is not enabled, user will be presented with a page to download an XpressConnect installer with a built-in Java runtime.
- Turns on Automatic Updates if they are off.
- For Students only, connects the computer to the Penn Windows Automatic Update Service.
- Checks for and warns if Antivirus software is not installed (or is not reporting to the Windows Security Center).
- Prompts the user if the Windows Firewall is disabled.
- Turns off Internet Connection Sharing if enabled.
- Prompts users to disable conflicting wireless utilities.
- If antivirus is not detected, user is routed to PennKey-protected SEP download page with additional downloads and personalized support information.
- If antivirus is detected, user is routed to page with additional downloads and personalized support information
- Installs the WPA2 Hotfix if needed.
- Installs SecureW2 Enterprise Client 3.5.8 if needed.
Windows Vista and 7
- Ensures WLAN service is running.
- Installs SecureW2 Enterprise Client 3.5.9 if needed.
- Activates Network Manager and ensures that Network Manager is managing the wireless interface.
Common issues and solutions:
All OSes: The AirPennNet-Help website does not display when opening a browser
- Make sure that the device is configured for DHCP; the page will not load if the device's IP address or DNS servers are hard-coded.
- Verify that the URL in the browser is an http: address rather than an https: address; AirPennNet-Help is not SSL enabled and will not properly redirect an https request. This is especially notable on Mac OS systems; Safari "remembers" whether or not a given site is SSL-enabled or not and automatically switches to the https: protocol accordingly. www.upenn.edu is a safe site to enter into a browser when trying to open AirPennNet-Help.
Windows 7: When authenticating to AirPennNet, the authentication bubble does not "pop up" by the task bar
- This is usually caused by third-party wireless software, such as Intel PROSet/Wireless, interfering with Windows' ability to manage wireless networks. Most such software is unable to negotiate with 802.1x networks properly, so you will want to either disable or uninstall it so that Windows manages wireless networks natively.
Windows 7: An error similar to "The SecureW2 license has expired" appears when trying to configure AirPennNet
- This issue is usually caused by third-party software interfering with Windows' ability to manage 802.1x networks. Third party antivirus and security products such as Kapersky Antivirus are particularly common causes for this error. Temporarily disabling the software responsible when configuring AirPennNet usually solves this problem. In most cases, the software can be safely re-enabled after AirPennNet is configured.
Mac OS: The link to the XpressConnect application on the AirPennNet-Help website does not work
- Mac OS includes a stripped-down web browser called the "Captive Network Assistant" that automatically launches when the OS detects that a system is connected to a captive portal like AirPennNet-Help. The Captive Network Assistant cannot download files, so it cannot be used to download the XpressConnect application. Though there are some measures in place on AirPennNet-Help to try to keep Mac OS from detecting it as a captive portal, they are unfortunately not foolproof. Should the Captive Network Assistant launch, please close it and launch a full-fledged browser like Safari instead to complete the AirPennNet configuration process.
XpressConnect Support Files
A support file contains information about the machine, network adapters, and any errors received while the XpressConnect wizard is attempting to configure your device. This information is useful to both the Client Care and the vendor if escalation is needed, and will minimize requests for additional information and data. More information about the data contained in the support file can be found here.
On a problematic machine, follow the steps below for your device to create a Support File and include it and a description of your problem when you contact the Provider Desk for assistance.
- While the XpressConnect application is open and at the failure point, press the menu button.
- Click "E-Mail log file..."
- Replace the logs at cloudpath.net with your email address.
- It is not possible to create a Support File while running the iOS version of XpressConnect. Users experiencing trouble (who are not prompted to load the profile) should power cycle their device and attempt again. If there is difficulty connecting after the profile was installed, verify the user has entered the proper PennKey user name and password.
Mac OS X
- Go to the Options menu, and the Support sub menu.
- Select "Generate Support File."
- Go to the Options menu, and the Support sub menu.
- Select "Generate Support File."
- Locations of log files
If you are unable or forgot to create a support file, you can obtain a log file which also contains useful data. XpressConnect log files can be found at the following locations:
- Windows 7,8, and 10: C:/Users/[USER]/AppData/Local/Temp/My Networks/
- Mac OS: /tmp/XpressConnect
The primary log file is XpressConnect.log. It contains the logs related to all configuration and execution of XpressConnect.
Special notes for Windows
- The user's temp directory can be quickly accessed by typing '%temp%' into the address bar.
- The XpressConnect_exe_load.log file contains logs related to the download of XpressConnect. This is useful in troubleshooting issues occurring before the main XpressConnect application displays.
- When XpressConnect loads using ActiveX, the activex_launch.log will be created. This log contains information about the initialization of the ActiveX component.
SecureW2 has an advanced logging or "tracing" feature that can be interpreted by Client Care staff as well as by the vendor of SecureW2. From time to time, these logs have proven invaluable when attempting to resolve difficult problems.
Step by step:
- Open the SecureW2 Configuration Manager by doing the following:
- Go to the AirPennNet wireless connection Properies window.
- Click the Security tab
- Click the Settings button next to the "SecureW2: SecureW2 EAP-TTLS" entry
- The SecureW2 Configuration Manager window will open
- Click the Log tab
- Set the EAP Methods and Service entries to "DEBUG"
- Click OK
- Attempt to connect to AirPennNet again (replicate the error)
- Open the SecureW2 Configuation Manager again, go to the Log tab, and set the EAP Methods and Service entries to "DISABLED"
- NOTE:It is very important trace logging be turned off within a few connection attempts as these logs can become quite large quickly.
- Go to the %windir$\tracing directory on the laptop (usually c:\WINDOWS\tracing)
- Zip this folder and send it in to be appended to your case.
Removing Cached Credentials from SecureW2
Previous versions of SecureW2 used Microsoft's cache for storing PennKey credentials in SecureW2. Unfortunately, the only method to remove credentials involved either editing the registry manually, or reinstalling SecureW2. Versions of SecureW2 installed via XpressConnect from AirPennNet-Help on March 15, 2011 or later have the configuration option that allows users to remove cached credentials through the settings screen. (Older Secure W2 versions, installed before XpressConnect 3.5.66, use Microsoft caching, and therefore do not offer this option).
- Navigate to the Windows wireless profile and select the "Advanced" tab for the AirPennNet wireless profile.
- Click "Settings" next to: SecureW2: SecureW2 EAP-TTLS. 3. On the "User Account" tab in SecureW2, check the "Prompt user for credentials" box.
- Cycle the network connection either by turning off and then turning back on the wireless card, or restarting the system.
- A balloon should appear in the system tray when the computer reconnects. The user should click it and enter the new username and password.
Note: It is strongly recommended that users do not uncheck the "Save User Password" box as this can result in the user being prompted for credentials very frequently when in areas where their client may roam between access points.