Solved: Re: Cisco AnyConnect NAM with profile editor

kamarale · ‎07-11-2012

Hello,I´m trying to use the anyconnect NAM with also the anyconnect profile editor for 802.1x
I created a profile (.xml) with the editor but I don´t know how to apply it to a client(anyconnect).
If anyone can give me some instructons I would appreciate it.

Thanks in advance.
Regards.

Amjad Abdullah · ‎07-11-2012

i hope this link is useful, it illustrates everything:

https://supportforums.cisco.com/docs/DOC-23117

Install and run the standalone profile editor (your second download); you only need the Network Access Manager component

a. Once installed, open the profile editor and configure a new profile, e.g. allow EAP types, disable Wired port management, etc.

b. File / Save as...

c. Name the file configuration.xml. This naming convention is required

d. Save the configuration file to the //Profiles/nam folder

3. Run the main Secure Mobility Client setup installer (setup.exe) from . This installs the AnyConnect framework and modules. Select the Network Access Manager modules. No other modules are necessary or required for managing wireless networks

Amjad

Rating useful replies is more useful than saying "Thank you"

View solution in original post

Mike.Cifelli · ‎04-26-2021

Software Download - Cisco Systems

Profile Editor (Windows)

tools-anyconnect-win-4.10.00093-profileeditor-k9.msi

FYSA: default install location on windows = C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Network Access Manager

View solution in original post

Tarik Admani · ‎07-11-2012

You will have to use a centralize software management solution in order to get this file out and in the proper location.

Thanks,

Tarik Admani

kamarale · ‎07-11-2012

Isn´t it enough with the anyconnect NAM and the profile editor? What do you mean with "centralize software management solution" ?

Thanks.

Tarik Admani · ‎07-11-2012

To build the profile yes, however you need to push these files to all your clients and you need to distribute this xml to the rest of your organization.

For doing some testing you can modify the current xml that the profile editor is on and save and even some cases restart the machine for new changes to take effect. Which xml file are you modifying?

Thanks,

tarik Admani

Amjad Abdullah · ‎07-11-2012

i hope this link is useful, it illustrates everything:

https://supportforums.cisco.com/docs/DOC-23117

Install and run the standalone profile editor (your second download); you only need the Network Access Manager component

a. Once installed, open the profile editor and configure a new profile, e.g. allow EAP types, disable Wired port management, etc.

b. File / Save as...

c. Name the file configuration.xml. This naming convention is required

d. Save the configuration file to the //Profiles/nam folder

3. Run the main Secure Mobility Client setup installer (setup.exe) from . This installs the AnyConnect framework and modules. Select the Network Access Manager modules. No other modules are necessary or required for managing wireless networks

Amjad

Rating useful replies is more useful than saying "Thank you"

kamarale · ‎07-11-2012

Thanks Amjad.

Regards.

RolandoCasinillo14752 · ‎04-26-2021

Please me give me link to download nam profile editor. tnx.

Mike.Cifelli · ‎04-26-2021

Software Download - Cisco Systems

Profile Editor (Windows)

tools-anyconnect-win-4.10.00093-profileeditor-k9.msi

FYSA: default install location on windows = C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Network Access Manager

Andrii Oliinyk · ‎10-04-2021

Hi Mike

i ran of my feet fighting failure to save customized configuration.xml in NewConfigFiles ending with Unable to sign & write file.

If i save config in different location & then copy it to NewConfigFiles & then restart AC file gets renamed into configuration_bad.xml. Editor is 4.10.

Parsing DART logs shows:

16: DESKTOP-36ABVFG: Oct 04 2021 19:22:09.471 -0100: %NAM-3-ERROR_MSG: %[tid=5308]: The configuration is invalid and will be ignored. Error: "allowUnauthPacProvisioning" tag is required.
....
19: DESKTOP-36ABVFG: Oct 04 2021 19:22:09.477 -0100: %NAM-6-INFO_MSG: %[tid=5308]: Invalid development version of configuration file.

....

& yeah there is no option "If using PACs, allow unauthenticated PAC provisioning" in editor 4.10 (& i havnt other)

Mike.Cifelli · ‎10-04-2021

@Andrii Oliinyk

If i save config in different location & then copy it to NewConfigFiles & then restart AC file gets renamed into configuration_bad.xml. Editor is 4.10.

-This typically means that something is goofed in the xml file based on what you configured. Hence why it gets renamed to configuration_bad.xml. My suggestion would be to try replacing the configuration.xml with your new one under the main location on 1 test client: C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Network Access Manager\system

If you get the same error try recreating a new xml profile and focus on your settings. HTH!

Andrii Oliinyk · ‎10-04-2021

hi Mike

it ends in the same manner: configuration.xml gets renamed into *_bad.xml with the same error:

13: DESKTOP-36ABVFG: Oct 04 2021 18:37:30.145 -0100: %NAM-6-INFO_MSG: %[tid=33044]: Invalid development version of configuration file.
15: DESKTOP-36ABVFG: Oct 04 2021 18:37:30.148 -0100: %NAM-4-WARNING_MSG: %[tid=33044]: The configuration is invalid and will be ignored. Error: User Configuration (C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Network Access Manager\system\/userConfiguration.xml) file not found - only user configuration will be ignored.
...

it looks like NAM is not happy with absence of mentioned above option, but editor dosnt have it in the place where it should be...

Andrii Oliinyk · ‎10-04-2021

now i'm sure the absence of "allowUnauthPacProvisioning" is a root cause: i unchecked "use PACs" & after that profile has been consumed by NAM.

wth.? why "if use PACs allowUnauthPacProvisioning" is absent in the editor?