locked
SHA Not Present RRS feed

  • Question

  • I am trying the IPsec Enforcement Lab

     

    since I have only one windows vista, I used another Windows 2008 (WS2) as the 2nd client

     

    after I gpupdate, right after I logged in an NAP message pops up said SHA Not Present

     

    I did  netsh nap client show state and show grouppolicy, results are normal.

     

    is it I need to manually install this agent???

     

    thank you

    Friday, May 16, 2008 10:39 PM

Answers

  • Hi,

     

    Server 2008 does not have Security Center, which is reqired for the Windows SHA. That's why the SHA is not included and it cannot be installed. I'm afraid this won't work as a NAP client unless you install a different SHA.

     

    However, you can still use this for your test. Instead of making it a NAP client, you can use an exemption certificate. Install an exemption certificate on this computer exactly as described for the HRA server. This will cause the computer to behave as if it is compliant. When you want to make it behave as if it is noncompliant, simply delete the certificate.

     

    I hope this helps, 

    -Greg

    Friday, May 16, 2008 11:09 PM

All replies

  • Hi,

     

    Server 2008 does not have Security Center, which is reqired for the Windows SHA. That's why the SHA is not included and it cannot be installed. I'm afraid this won't work as a NAP client unless you install a different SHA.

     

    However, you can still use this for your test. Instead of making it a NAP client, you can use an exemption certificate. Install an exemption certificate on this computer exactly as described for the HRA server. This will cause the computer to behave as if it is compliant. When you want to make it behave as if it is noncompliant, simply delete the certificate.

     

    I hope this helps, 

    -Greg

    Friday, May 16, 2008 11:09 PM
  • Thank you very much

     

    I thought there is some way I can install the agent

     

     

    Friday, May 16, 2008 11:26 PM
  • The Forefront Client Security 1.0 (FCS) NAP integration releases very soon. When it does, you should finally be able to get Windows Server 2008 acting as a NAP Client (simply because we have a System Health Agent [SHA]). Keep a look out on the NAP blog for details!

     

     

    {Jeff Sigman}{Senior Program Manager & NAP Hero}{Enterprise Security Group}

    {NAP Blog, FAQ, Forum, MSDN, Site and my bloÿg}

    Monday, May 19, 2008 6:09 PM