IT Support Guide

Below is information the IT organizations will need to be aware of in preparation for supporting the roll-out of Dukeblue to their users.

Please review the Dukeblue FAQs for additional information.

last updated: 11/3/2015

Dukeblue infrastructure

The Dukeblue encrypted wireless network utilizes the same network infrastructure as the Duke network including access points and controllers. If a user is unable to connect to Dukeblue, please verify the user can connect to the Duke or Visitor network.

In order to determine if the issue is a Dukeblue issue or a general wireless issue we will need the following information:

❖ User’s NetID
❖ What they were doing
❖ When they were doing it
❖ Where they were physically located
❖ Device type and OS 

Managed Devices

The SecureW2 installer requires limited administrative rights to a system. In some instances, if your users don’t have administrative rights, the Dukeblue configuration changes may need to be distributed to the users via a device management tool (Microsoft Configuration Manager 2012, BigFix, etc.) or it will require individual attention by IT support staff that do have administrative privileges. 

Images that a have been updated overtime

Errors have occurred during the installation process on systems where the image has “evolved” (been upgraded over time) versus those systems where a clean re-image occurs.

Untrusted certificate (or CA Root) alert – when NOT using the installer

The auto installer pre-configures the client with the certificates for the Duke RADIUS servers. When a user connects to Dukeblue the first time without using the installer, they will receive untrusted certificate or untrusted CA Root alert. The specific message is there because the user has not previously defined the RADIUS server’s identity.

3rd party wireless management software may create a conflict during installation

The SecureW2 auto installer scans for the following wireless managers:

– Broadcom
– DWLAN
– Intel® PROSet/Wireless WiFi Software
– Lenovo ThinkVantage

If the installer finds one if the wireless managers the user will receive the pop-up message below. It is recommended that you either manually configure the network settings or uninstall the 3rd party wireless controller, re-run the installer, and reload the wireless controller.

Warning: The following Third Party Wireless software was found: [insert name] Please be advised, such software has sometimes been known to cause conflicts with the native Windows wireless manager. If you encounter wireless connectivity issues, please consider disabling or removing the third party software and trying again via this configuration assistant.

Symantec Endpoint Protection warning disabled

A warning is not displayed when the installer finds Symantec Endpoint Protection.  

Due to the pervasive use of this application and the limited probability it will interfere with the installer, it was decided that users with Symantec Endpoint Protection would not receive the above mentioned warning.

It is likely the warning will result in a large number of aborted installs and/or unnecessary calls to the local IT support team and/or OIT Service Desk. 

Update network and host firewall rules that restrict access by IP number

In preparation for the campus-wide rollout of the Dukeblue, you may need to update your host firewall rules that restrict access to a host by IP number. The address range for the Dukeblue wireless subnets is 10.188.0.0/15 . Thus, the IP address of your user’s machines will change after connecting to Dukeblue.