The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Note Execution of the sscManagementUtility utility will result in either of the following:
•Success—Confirmation message returned. For sign option, output file created with processed content.
•Failure—Error message returned. Output file created, but empty.
•Input file must have .xml file extension
Command syntax example:
sscManagementUtility validate -i distPkg
Error message:
Input file "distPkg" should have the ".xml" extension!
•Input file has an incorrect file extension
Command syntax example:
sscManagementUtility validate -i distPkg.txt
Error message:
Input file "distPkg.txt" should have the ".xml" extension!
•Command line syntax error
Command syntax example:
sscManagementUtility distPkg.xml distPkgSigned.xml
Error message:
Usage:
sscManagementUtility [command] [command specific options]
Command:
help - print usage
validate - validate configuration Xml file
sign - validate and sign configuration Xml file
validate options:
sscManagementUtility validate [-i <input file>]
-i --in
path to the original distribution package xml file
sign options:
sscManagementUtility sign [-i <input file>] [-o <output file]
-i --in
path to the original distribution package xml file
-o --out
path to the processed and ready to deploy xml file
Most command syntax errors will display the command help information, as in this example.
Note Errors found by the utility's built-in XLM schema validation process are displayed as one of the following types:
parser error
Schema validity error
Some examples of schema validation errors are:
•An empty input file, distPkg.xml
Error message:
distPkg.xml:1: parser error : Document is empty
distPkg.xml:1: parser error : Start tag expected, '<' not found
failed to parse distPkg.xml
•Missing version attributes from base element
Erroneous XML input text:
<configuration>
Error message:
Loaded version: ..
Unknown configuration version.
•Missing element closing tag (<collectionBehavior)
Tip Parsing errors are hierarchical in nature. Always resolve top-down. The actual error will most likely cause additional by-product errors to appear subsequently in the file.
In this case, fixing the single error in line 49, eliminates all of the reported parsing errors listed below.
Erroneous XML input text:
(line 48) <userAuthentication>
(line 49) <collectionBehavior
(line 50) <withPassword>
(line 51) <cachePasswordFromUser>
(line 52) <forever/>
(line 53) </cachePasswordFromUser>
(line 54) </withPassword>
(line 55) </collectionBehavior>
Error message:
Entity: line 50: parser error : error parsing attribute name <withPassword>
Entity: line 50: parser error : attributes construct error <withPassword>
Entity: line 50: parser error : Couldn't find end of Start Tag collectionBehavior line 49 <withPassword>
Entity: line 55: parser error : Opening and ending tag mismatch: userAuthentication line 48 and collectionBehavior </collectionBehavior>^
Entity: line 84: parser error : Opening and ending tag mismatch: authenticationNetwork line 47 and userAuthentication </userAuthentication>
Entity: line 96: parser error : Opening and ending tag mismatch: wifiNetwork line 39 and authenticationNetwork </authenticationNetwork>
Entity: line 97: parser error : Opening and ending tag mismatch: globalNetworks line 30 and wifiNetwork </wifiNetwork>
Entity: line 98: parser error : Opening and ending tag mismatch: networks line 29 and globalNetworks </globalNetworks>
Entity: line 102: parser error : Opening and ending tag mismatch: configuration line 2 and networks </networks>
Entity: line 104: parser error : Extra content at the end of the document <connectionSettings>
Document not loaded.
•Missing attributes from element
Erroneous XML input text:
<unprotectedIdentityPattern>anonymous</unprotectedIdentityPattern>
Error message:
element unprotectedIdentityPattern: Schemas validity error : Element 'unprotectedIdentityPattern': The attribute 'encryptContent' is required but missing.
Schema validation failed (1868)
•Elements out-of-order as required by schema
Erroneous XML input text:
<wifiNetwork>
<connectionTimeout>30</connectionTimeout>
<displayName>My Corporate Wi-Fi Network</displayName>
Error message:
element connectionTimeout: Schemas validity error : Element 'connectionTimeout': This element is not expected. Expected is ( displayName ).
Schema validation failed (1871)
•Missing a required element
Erroneous XML input text:
<wifiNetwork>
<connectionTimeout>30</connectionTimeout>
<doNotAllowEapOverUdp/>
Error message:
element connectionTimeout: Schemas validity error : Element 'connectionTimeout': This element is not expected. Expected is ( displayName ).
Schema validation failed (1871)
•Missing a required element value
Erroneous XML input text:
<wifiNetwork>
<displayName></displayName>
<connectionTimeout>30</connectionTimeout>
Error message:
element displayName: Schemas validity error : Element 'displayName': [facet 'minLength'] The value has a length of '0'; this underruns the allowed minimum length of '1'.
element displayName: Schemas validity error : Element 'displayName': '' is not a valid value of the atomic type 'NonEmptyString'.
Schema validation failed (1824)
•Element value data type error
Erroneous XML input text:
<wifiNetwork>
....
<associationTimeout>0</associationTimeout>
Error message:
element associationTimeout: Schemas validity error : Element 'associationTimeout ': '0' is not a valid value of the atomic type 'xs:positiveInteger'.
Schema validation failed (1824)
•Extra white space with an enumerated value
Erroneous XML input text:
<associationMode>
<wpa>
<encryption>TKIP </encryption>
</wpa>
</associationMode>
Error message:
element encryption: Schemas validity error : Element 'encryption': [facet 'enumeration'] The value 'TKIP ' is not an element of the set {'AES', 'TKIP'}.
element encryption: Schemas validity error : Element 'encryption': 'TKIP ' is not a valid value of the atomic type 'WpaEncryption'.
Schema validation failed (1824)
The distribution package schema contains several elements that serve as a reference to an external file that is being designated for inclusion in the XML instance file.
Some examples of file reference errors are:
CA Certificate file:
•Incorrect path for file (designated file not present)
XML input text:
<caReference>E:\path\CaCertFile.pem</caReference>
Error message:
CA certificate file: "E:\path\CaCertFile.pem" doesn't exist
•Incorrect file type
XML input text:
<caReference>CaCertFile</caReference>
Error message:
CA certificate file: "CaCertFile" should be in .pem format
PAC file:
•Incorrect path for file (designated file not present)
XML input text:
<aIdReference>E:\path\pacRefFile</aIdReference>
Error message:
Pac file "E:\path\pacRefFile" processing error: can not open pac file E:\path\pacRefFile
•PAC password not provided or invalid
XML input text: optional element, secretKey, not configured.
<reference>
<aIdReference>pacRefFile</aIdReference>
</reference>
XML input text: password value incorrect
<reference>
<aIdReference>pacRefFile</aIdReference>
<secretKey>1234</secretKey>
</reference>
Error message:
Pac file "pacRefFile" processing error: Invalid password to access pac file
The list of business rule verification errors, with examples, follows:
See the referenced element annotation descriptions in the schema for more information.
•Rule 1.1 Authenticating networks using a tunneled authentication method require the specification of at least one corresponding inner method. Applies to EAP FAST, EAP PEAP and EAP TLS.
Erroneous XML input text:
<wifiNetwork>
<displayName>Test 1.1.1</displayName>
....
<eapFast>
....
<methods></methods>
Error message:
[Rule 1.1.1 violation] Network Test 1.1.1 EapFast authentication settings should use at least one of the following methods as inner method: eapMschapv2 or eapGtc.
See the description for elements: methods or eapMethods.
•Rules 1.2.1 In a user connection context configured for network connectivity before logon, the source for credentials is limited. Client certificates are supported only through smartcards obtained from the OS - client certificates in the Windows certificate store are not supported. Passwords may not be obtained from the user.
Case 1—Smartcard certificates from OS (Rule 1.2.1a).
Erroneous XML input text:
<displayName>Test 1.2.1a</displayName>
...
<userAuthentication>
...
<certificateSource>
<certificateFromUser> {Must be from logon.}
...
<connectionSettings>
<connectionBehaviorAtLogon>
<attemptConnectionBeforeUserLogon>
Error message:
[Rule 1.2.1a violation] Network Test 1.2.1a Certificate source for user authentication must be certificateFromLogon!
Case 2—Password from OS or profile (Rule 1.2.1b).
Erroneous XML input text:
<displayName>Test 1.2.1b</displayName>
...
<userAuthentication>
...
<passwordSource>
<passwordFromUser> {Must be from logon or profile.}
...
<connectionSettings>
<connectionBehaviorAtLogon>
<attemptConnectionBeforeUserLogon>
Error message:
[Rule 1.2.1b violationPassword source for user authentication must not be passwordFromUser] Network Test 1.2.1b Collection behavior for user authentication must be smartCardOnlyCertificate!
See the description for element: attemptConnectionBeforeUserLogon.
•Rules 1.2.2a-c The collection behavior for user credentials is dependent on the type of credential specified.
Case 1—Password based credentials.
Erroneous XML input text:
<displayName>Test 1.2.2a</displayName>
...
<authenticationNetwork>
...
<collectionBehavior>
<withCertificate> {not consistent with source, withPassword required}
...
<authenticationMethod>
...
<passwordSource>
<passwordFromUser/>
Error message:
[Rule 1.2.2a violation] Network Test 1.2.2a Collection behavior for user authentication with passwordFromUser must be authenticateWithPassword!
Case 2—Certificate based credentials.
Erroneous XML input text:
<displayName>Test 1.2.2b</displayName>
...
<authenticationNetwork>
...
<collectionBehavior>
<withPassword> {not consistent with source, withCertificate required}
...
<authenticationMethod>
...
<certificateSource>
<certificateFromUser/>
Error message:
[Rule 1.2.2b violation] Network Test 1.2.2b Collection behavior for user authentication with certificateFromUser must be authenticateWithCertificate!
Case 3—Token based credentials.
Erroneous XML input text:
<displayName>Test 1.2.2c</displayName>
...
<authenticationNetwork>
...
<collectionBehavior>
<withCertificate> {not consistent with source, withToken required}
...
<authenticationMethod>
...
<tokenSource>
Error message:
[Rule 1.2.2c violation] Network Test 1.2.2c Collection behavior for user authentication with tokens must be authenticateWithToken!
See the description for element: collectionBehavior.
•Rule 2.1 Network policy for Wi-Fi associations must include at least one association mode.
Erroneous XML input text:
<networkPolicy>
<allowedAssociationModes></allowedAssociationModes> {no child element specified}
Error message:
[Rule 2.1 violation] At least one association mode must be specified for networkPolicy/allowedAssociationModes!
See the description for element: allowedAssociationModes.
•Rule 2.1a Network policy for association mode must include openNoEncryptionfd to support networks with no authentication or shared secrets.
Erroneous XML input text:
<networkPolicy>
<allowedAssociationModes>
<wpaEnterpriseTkip/> {No open networks configured.}
</allowedAssociationModes>
....
<networks>
<wiredNetwork>
<displayName>Test 2.1a</displayName>
<openNetwork/> {Not allowed}
</wiredNetwork>
<wifiNetwork>
<displayName>Test 2.1a</displayName>
...
<openNetwork> {Not allowed}
...
</wifiNetwork>
Error message:
[Rule 2.1a violation] Network "Test 2.1a": openNetwork only allowed when openNoEncryption mode is selected!
See the description for element: openNetwork.
•Rule 2.1b Network policy for association mode must include openStaticWep to support any WEP static key network.
Erroneous XML input text:
<networkPolicy>
<allowedAssociationModes>
<wpaEnterpriseTkip/> {No open WEP configured.}
</allowedAssociationModes>
....
<networks>
<wifiNetwork>
<displayName>Test 2.1b</displayName>
...
<sharedKeyNetwork>
...
<wep>
...
<ieee80211Authentication>open</ieee80211Authentication> {Not allowed}
Error message:
[Rule 2.1b violation] Networks "Test2.1b": wep with ieee80211Authentication/open only allowed when policy openStaticWep mode is selected!
See the description for element: ieee80211Authentication.
•Rule 2.1c Network policy for association mode must include openStaticWep to support any WEP static key network.
Erroneous XML input text:
<networkPolicy>
<allowedAssociationModes>
<wpaEnterpriseTkip/> {No shared WEP configured.}
</allowedAssociationModes>
....
<networks>
<wifiNetwork>
<displayName>Test 2.1b</displayName>
...
<sharedKeyNetwork>
...
<wep>
...
<ieee80211Authentication>shared</ieee80211Authentication> {Not allowed}
Error message:
[Rule 2.1c violation] Networks "Test2.1c": wep with ieee80211Authentication/shared only allowed when policy sharedStaticWep mode is selected!
See the description for element: ieee80211Authentication.
•Rule 2.1c1 Network policy for association mode must include open1xDynamicWep to support any dynamic WEP authenticating network.
Erroneous XML input text:
<networkPolicy>
<allowedAssociationModes>
<wpaEnterpriseTkip/> {No WEP configured.}
</allowedAssociationModes>
....
<networks>
<wifiNetwork>
<displayName>Test 2.1c1</displayName>
...
<authenticationNetwork>
...
<associationMode>
<wep> {Not allowed}
Error message:
[Rule 2.1c1 violation] Network "Test 2.1c1": Authentication network with association mode WEP only allowed when policy open1xDynamicWep mode is selected!
See the description for element: associationMode.
•Rule 2.1d Network policy for association mode must include wpaPersonalTkip to support a WPA-Personal shared key network using TKIP encryption.
Erroneous XML input text:
<networkPolicy>
<allowedAssociationModes>
<wpaEnterpriseTkip/> {No wpaPersonalTkip configured.}
</allowedAssociationModes>
....
<networks>
<wifiNetwork>
<displayName>Test 2.1d</displayName>
...
<sharedKeyNetwork>
...
<wpa>
...
<encryption>TKIP</encryption> {Not allowed}
Error message:
[Rule 2.1d violation] Network "Test 2.1d": wpa with encryption/TKIP only allowed when policy wpaPersonalTkip mode is selected!
See the description for element: encryption.
•Rule 2.1e Network policy for association mode must include wpaPersonalAes to support a WPA-Personal shared key network using AES encryption.
Erroneous XML input text:
<networkPolicy>
<allowedAssociationModes>
<wpaEnterpriseTkip/> {No wpaPersonalAes configured.}
</allowedAssociationModes>
....
<networks>
<wifiNetwork>
<displayName>Test 2.1e</displayName>
...
<sharedKeyNetwork>
...
<wpa>
...
<encryption>AES</encryption> {Not allowed}
Error message:
[Rule 2.1e violation] Network "Test 2.1e": wpa with encryption/AES only allowed when policy wpaPersonalAes mode is selected!
See the description for element: wpa/encryption.
•Rule 2.1f Network policy for association mode must include wpa2PersonalTkip to support a WPA2-Personal shared key network using TKIP encryption.
Erroneous XML input text:
<networkPolicy>
<allowedAssociationModes>
<wpaEnterpriseTkip/> {No wpa2PersonalTkip configured.}
</allowedAssociationModes>
....
<networks>
<wifiNetwork>
<displayName>Test 2.1f</displayName>
...
<sharedKeyNetwork>
...
<wpa2>
...
<encryption>TKIP</encryption> {Not allowed}
Error message:
[Rule 2.1f violation] Networks "Test 2.1f": wpa2 with encryption/TKIP only allowed when policy wpa2PersonalTkip mode is selected!
See the description for element: wpa2/encryption.
•Rule 2.1g Network policy for association mode must include wpa2PersonalAes to support a WPA2-Personal shared key network using AES encryption.
Erroneous XML input text:
<networkPolicy>
<allowedAssociationModes>
<wpaEnterpriseTkip/> {No wpa2PersonalAes configured.}
</allowedAssociationModes>
....
<networks>
<wifiNetwork>
<displayName>Test 2.1g</displayName>
...
<sharedKeyNetwork>
...
<wpa2>
...
<encryption>AES</encryption> {Not allowed}
Error message:
[Rule 2.1g violation] Networks "Test 2.1g": wpa2 with encryption/AES only allowed when policy wpa2PersonalAes mode is selected!
See the description for element: wpa2/encryption.
•Rule 2.1h Network policy for association mode must include wpaEnterpriseTkip to support a WPA-Enterprise network using TKIP encryption.
Erroneous XML input text:
<networkPolicy>
<allowedAssociationModes>
<wpaEnterpriseAes/> {No wpaEnterpriseTkip configured.}
</allowedAssociationModes>
....
<networks>
<wifiNetwork>
<displayName>Test 2.1h</displayName>
...
<authenticationNetwork>
...
<associationMode>
<wpa>
<encryption>TKIP</encryption> {Not allowed}
Error message:
[Rule 2.1h violation] Network "Test 2.1h": wpa with encryption/TKIP only allowed when policy wpaEnterpriseTkip mode is selected!
See the description for element: associationMode.
•Rule 2.1i Network policy for association mode must include wpaEnterpriseAes to support a WPA-Enterprise network using AES encryption.
Erroneous XML input text:
<networkPolicy>
<allowedAssociationModes>
<wpaEnterpriseTkip/> {No wpaEnterpriseAes configured.}
</allowedAssociationModes>
....
<networks>
<wifiNetwork>
<displayName>Test 2.1i</displayName>
...
<authenticationNetwork>
...
<associationMode>
<wpa>
<encryption>AES</encryption> {Not allowed}
Error message:
[Rule 2.1i violation] Network "Test 2.1i": wpa with encryption/AES only allowed when policy wpaEnterpriseAes mode is selected!
See the description for element: associationMode.
•Rule 2.1j Network policy for association mode must include wpa2EnterpriseTkip to support a WPA2-Enterprise network using TKIP encryption.
Erroneous XML input text:
<networkPolicy>
<allowedAssociationModes>
<wpaEnterpriseAes/> {No wpa2EnterpriseTkip configured.}
</allowedAssociationModes>
....
<networks>
<wifiNetwork>
<displayName>Test 2.1j</displayName>
...
<authenticationNetwork>
...
<associationMode>
<wpa2>
<encryption>TKIP</encryption> {Not allowed}
Error message:
[Rule 2.1j violation] Network "Test2.1j": wpa2 with encryption/TKIP only allowed when policy wpa2EnterpriseTkip mode is selected!
See the description for element: associationMode.
•Rule 2.1k Network policy for association mode must include wpa2EnterpriseAes to support a WPA2-Enterprise network using AES encryption.
Erroneous XML input text:
<networkPolicy>
<allowedAssociationModes>
<wpaEnterpriseTkip/> {No wpa2EnterpriseAes configured.}
</allowedAssociationModes>
....
<networks>
<wifiNetwork>
<displayName>Test 2.1k</displayName>
...
<authenticationNetwork>
...
<associationMode>
<wpa2>
<encryption>AES</encryption> {Not allowed}
Error message:
[Rule 2.1k violation] Network "Test2.1k": wpa2 with encryption/AES only allowed when policy wpa2EnterpriseAes mode is selected!
See the description for element: associationMode.
•Rule 2.1l Network policy for association mode must include cckmEnterpriseTkip to support a WPA/WPA2-Enterprise network with CCKM key management and TKIP encryption.
Erroneous XML input text:
<networkPolicy>
<allowedAssociationModes>
<wpaEnterpriseTkip/> {No cckmEnterpriseTkip configured.}
</allowedAssociationModes>
....
<networks>
<wifiNetwork>
<displayName>Test 2.1l</displayName>
...
<authenticationNetwork>
...
<associationMode>
<cckm>
<encryption>TKIP</encryption> {Not allowed}
Error message:
[Rule 2.1l violation] Network "Test2.1l": cckm with encryption/TKIP only allowed when policy cckmEnterpriseTkip mode is selected!
See the description for element: associationMode.
•Rule 2.1m Network policy for association mode must include cckmEnterpriseAes to support a WPA/WPA2-Enterprise network with CCKM key management and AES encryption.
Erroneous XML input text:
<networkPolicy>
<allowedAssociationModes>
<wpaEnterpriseAes/> {No cckmEnterpriseAes configured.}
</allowedAssociationModes>
....
<networks>
<wifiNetwork>
<displayName>Test 2.1m</displayName>
...
<authenticationNetwork>
...
<associationMode>
<cckm>
<encryption>AES</encryption> {Not allowed}
Error message:
[Rule 2.1m violation] Network "Test2.1m": wpa2 with encryption/AES only allowed when policy wpa2EnterpriseAes mode is selected!
See the description for element: associationMode.
•Rule 2.2 Network policy for EAP methods must include at least one method.
Erroneous XML input text:
<networkPolicy>
<allowedEapMethods></allowedEapMethods> {no child element specified}
Error message:
[Rule 2.2 violation] At least one eapMethod must be specified for networkPolicy/allowedEapMethods!
See the description for element: allowedEapMethods.
•Rule 2.2a Network policy for EAP methods must include eapMd5 to support authenticating wired networks configured for EAP-MD5.
Erroneous XML input text:
<networkPolicy>
<allowedEapMethods>
<eapFast/> {No EAP-MD5 configured.}
</allowedEapMethods>
....
<networks>
<wiredNetwork>
<displayName>Test 2.2a</displayName>
...
<authenticationNetwork>
...
<authenticationMethod>
<eapMd5> {Not allowed}
Error message:
[Rule 2.2a violation] Network "Test 2.2a" : eapMethod/eapMd5 requires allowedEapMethods/eapMd5.
See the description for element: authenticationMethod or machineAuthentication or machine.
•Rule 2.2b Network policy for EAP methods must include eapMschapv2 to support authenticating wired networks configured for EAP-MSCHAPv2.
Erroneous XML input text:
<networkPolicy>
<allowedEapMethods>
<eapFast/> {No EAP-MSCHAPv2 configured.}
</allowedEapMethods>
....
<networks>
<wiredNetwork>
<displayName>Test 2.2b</displayName>
...
<authenticationNetwork>
...
<authenticationMethod>
<eapMschapv2> {Not allowed}
Error message:
[Rule 2.2b violation] Network "Test 2.2b" : eapMschapv2 requires allowedEapMethods/eapMschapv2 mode.
See the description for element: authenticationMethod or machineAuthentication or machine.
•Rule 2.2c Network policy for EAP methods must include eapGtc to support authenticating wired networks configured for EAP-GTC.
Erroneous XML input text:
<networkPolicy>
<allowedEapMethods>
<eapFast/> {No EAP-GTC configured.}
</allowedEapMethods>
....
<networks>
<wiredNetwork>
<displayName>Test 2.2c</displayName>
...
<authenticationNetwork>
...
<authenticationMethod>
<eapGtc> {Not allowed}
Error message:
[Rule 2.2c violation] Network "Test 2.2c" : eapMethod/eapGtc requires allowedEapMethods/eapGtc mode.
See the description for element: authenticationMethod or machineAuthentication or machine.
•Rule 2.2d Network policy for EAP methods must include leap to support authenticating wired or wireless networks configured for EAP-LEAP.
Erroneous XML input text:
<networkPolicy>
<allowedEapMethods>
<eapFast/> {No EAP-LEAP configured.}
</allowedEapMethods>
....
<networks>
<wiredNetwork>
<displayName>Test 2.2d</displayName>
...
<authenticationNetwork>
...
<authenticationMethod>
<leap> {Not allowed}
Error message:
[Rule 2.2d violation] Network "Test 2.2d" : eapMethod/leap requires allowedEapMethods/leap mode.
See the description for element: authenticationMethod or machineAuthentication or machine.
•Rule 2.2e Network policy for EAP methods must include eapTls to support authenticating wired or wireless networks configured for EAP-TLS in the outer tunnel.
Erroneous XML input text:
<networkPolicy>
<allowedEapMethods>
<eapFast/> {No EAP-TLS configured.}
</allowedEapMethods>
....
<networks>
<wiredNetwork>
<displayName>Test 2.2e</displayName>
...
<authenticationNetwork>
...
<authenticationMethod>
<eapTls> {Not allowed}
Error message:
[Rule 2.2e violation] Network "Test 2.2e" : eapMethod/eapTls requires allowedEapMethods/eapTls mode.
See the description for element: authenticationMethod or machineAuthentication or machine.
•Rule 2.2f Network policy for EAP methods must include eapTtls to support authenticating wired or wireless networks configured for EAP-TTLS.
Erroneous XML input text:
<networkPolicy>
<allowedEapMethods>
<eapFast/> {No EAP-TTLS configured.}
</allowedEapMethods>
....
<networks>
<wiredNetwork>
<displayName>Test 2.2f</displayName>
...
<authenticationNetwork>
...
<authenticationMethod>
<eapTtls> {Not allowed}
Error message:
[Rule 2.2f violation] Network "Test 2.2f" : eapMethod/eapTtls requires allowedEapMethods/eapTtls mode.
See the description for element: authenticationMethod or machineAuthentication or machine.
•Rule 2.2g Network policy for EAP methods must include eapPeap to support authenticating wired or wireless networks configured for EAP-PEAP.
Erroneous XML input text:
<networkPolicy>
<allowedEapMethods>
<eapFast/> {No EAP-PEAP configured.}
</allowedEapMethods>
....
<networks>
<wiredNetwork>
<displayName>Test 2.2g</displayName>
...
<authenticationNetwork>
...
<authenticationMethod>
<eapPeap> {Not allowed}
Error message:
[Rule 2.2g violation] Network "Test 2.2g" : eapMethod/eapPeap requires allowedEapMethods/eapPeap mode.
See the description for element: authenticationMethod or machineAuthentication or machine.
•Rule 2.2h Network policy for EAP methods must include eapFast to support authenticating wired or wireless networks configured for EAP-FAST.
Erroneous XML input text:
<networkPolicy>
<allowedEapMethods>
<eapPeap/> {No EAP-FAST configured.}
</allowedEapMethods>
....
<networks>
<wiredNetwork>
<displayName>Test 2.2h</displayName>
...
<authenticationNetwork>
...
<authenticationMethod>
<eapFast> {Not allowed}
Error message:
[Rule 2.2h violation] Network "Test 2.2h" : eapMethod/eapFast requires allowedEapMethods/eapFast mode.
See the description for element: authenticationMethod or machineAuthentication or machine.
•Rule 3a SSC must be configured for at least one media type.
Erroneous XML input text:
<userControlPolicy>
...
<allowedMedia></allowedMedia> {Missing a child element.}
Error message:
[Rule 3a violation] At least one media type must be specified for userControlPolicy/allowedMedia!
See the description for element: allowedMedia.
•Rule 3b The general policy must be configured to allow wired media to support the configuring of a wired network.
Erroneous XML input text:
<networks>
<wiredNetwork> {Not allowed.}
<displayName>Test 3b</displayName>
...
<userControlPolicy>
...
<allowedMedia>
<wifi/> {Wired not configured.}
</allowedMedia>
Error message:
[Rule 3b violation] Network "Test 3b": wiredNetwork may not be present unless userControlPolicy/allowedMedia/wired is present.
See the description for element: wiredNetwork.
•Rule 3c The general policy must be configured to allow wireless media to support the configuring of a Wi-Fi network.
Erroneous XML input text:
<networks>
<wifiNetwork> {Not allowed.}
<displayName>Test 3c</displayName>
...
<userControlPolicy>
...
<allowedMedia>
<wired/> {Wireless not configured.}
</allowedMedia>
Error message:
[Rule 3c violation] Network "Test 3c": wifiNetwork may not be present unless userControlPolicy/allowedMedia/wifi is present.
See the description for element: wifiNetwork.
Return codes are implemented for identification of failures at each phase of processing. The following lists all the application return codes:
•0 Success
•1 Wrong arguments
•2 Unknown configuration file version
•3 Schema validation failed
•4 Business rules validation failed
•5 Referenced files cannot be found
•-1 Unexpected error (see stderr for details)