This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

Help needed!! MSSHA causing XP SP3 Machines to freeze: Event ID:1002 & 1007

Question
0

Sign in to vote

Hi

I have a problem with MSSHA causing all of our XP SP3 Machines to freeze on logon and then after every hour. Stopping the napagent service makes the issue go away.

Anyone able to shed any light on what may be causing this??

Events Showing on the eventlog:

_______________________________________________________________________
Event Type: Information
Event Source: MSSHA
Event Category: None
Event ID: 1002
Date:  xx/xx/20xx
Time:  xx:xx:xx
User:  N/A
Computer: PC-XXXX
Description:
The Windows Security Health Agent was initialized successfully.

Scan Interval: 60 minutes.

Time delay before first scan: 35 seconds.

Time interval between manual remediation state change: 15 seconds.

Manual remediation timeout interval: 150 seconds.
_______________________________________________________________________
Event Type: Information
Event Source: MSSHA
Event Category: None
Event ID: 1007
Date:  xx/xx/20xx
Time:  xx:xx:xx
User:  N/A
Computer: PC-XXXX
Description:
The Windows Security Health Agent completed an offline scan.

Number of Updates : 0.

Update Titles : No Updates found.
________________________________________________________________________

Following commands run:

_______________________________________________________________________

C:\WINDOWS>netsh NAP client show state

Client state:
----------------------------------------------------
Name                   = Network Access Protection Client
Description            = Microsoft Network Access Protection Client
Protocol version       = 1.0
Status                 = Enabled
Restriction state      = Not restricted
Troubleshooting URL    =
Restriction start time =
Extended state         =

Enforcement client state:
----------------------------------------------------
Id                     = 79617
Name                   = DHCP Quarantine Enforcement Client
Description            = Provides DHCP based enforcement for NAP
Version                = 1.0
Vendor name            = Microsoft Corporation
Registration date      =
Initialized            = No

Id                     = 79618
Name                   = Remote Access Quarantine Enforcement Client
Description            = Provides the quarantine enforcement for RAS Client
Version                = 1.0
Vendor name            = Microsoft Corporation
Registration date      =
Initialized            = No

Id                     = 79619
Name                   = IPSec Relying Party
Description            = Provides IPSec based enforcement for Network Access Pro
tection
Version                = 1.0
Vendor name            = Microsoft Corporation
Registration date      =
Initialized            = No

Id                     = 79620
Name                   = Wireless Eapol Quarantine Enforcement Client
Description            = Provides wireless Eapol based enforcement for NAP
Version                = 1.0
Vendor name            = Microsoft Corporation
Registration date      =
Initialized            = No

Id                     = 79621
Name                   = TS Gateway Quarantine Enforcement Client
Description            = Provides TS Gateway enforcement for NAP
Version                = 1.0
Vendor name            = Microsoft Corporation
Registration date      =
Initialized            = No

Id                     = 79623
Name                   = EAP Quarantine Enforcement Client
Description            = Provides EAP based enforcement for NAP
Version                = 1.0
Vendor name            = Microsoft Corporation
Registration date      =
Initialized            = No

System health agent (SHA) state:
----------------------------------------------------
Id                     = 79744
Name                   = Windows Security Health Agent

Description            = The Windows Security Health Agent checks the compliance
of a computer with an administrator-defined policy.

Version                = 1.0

Vendor name            = Microsoft Corporation

Registration date      =
Initialized            = Yes
Failure category       = None
Remediation state      = Success
Remediation percentage = 0
Fixup Message          = (3237937214) - The Windows Security Health Agent has fi
nished updating its security state.

Compliance results     =
Remediation results    =

Id                     = 79745
Name                   = Configuration Manager System Health Agent
Description            = Configuration Manager System Health Agent facilitates e
nforcement of software update compliance using Network Access Protection.
Version                = 2007
Vendor name            = Microsoft Corporation
Registration date      = 26/03/2010 16:25:15
Initialized            = Yes
Failure category       = None
Remediation state      = Success
Remediation percentage = 100
Fixup Message          = (90507) - Configuration Manager NAP Client Agent is not
enabled, Client will be deemed compliant.
Compliance results     =
Remediation results    = (0x00000000) - (null)

Ok.

_______________________________________________________________________

C:\WINDOWS>netsh NAP client show group

NAP client configuration (group policy):
----------------------------------------------------

NAP client configuration:
----------------------------------------------------

_______________________________________________________________________

C:\WINDOWS>netsh NAP client show config

NAP client configuration:
----------------------------------------------------

Cryptographic service provider (CSP) = Microsoft RSA SChannel Cryptographic Prov
ider, keylength = 2048

Hash algorithm = sha1RSA (1.3.14.3.2.29)

Enforcement clients:
----------------------------------------------------
Name            = DHCP Quarantine Enforcement Client
ID              = 79617
Admin           = Disabled

Name            = Remote Access Quarantine Enforcement Client
ID              = 79618
Admin           = Disabled

Name            = IPSec Relying Party
ID              = 79619
Admin           = Disabled

Name            = Wireless Eapol Quarantine Enforcement Client
ID              = 79620
Admin           = Disabled

Name            = TS Gateway Quarantine Enforcement Client
ID              = 79621
Admin           = Disabled

Name            = EAP Quarantine Enforcement Client
ID              = 79623
Admin           = Disabled

Client tracing:
----------------------------------------------------
State = Disabled
Level = Disabled

Ok.
_______________________________________________________________________

Thanks For your time

Chris

Tuesday, January 18, 2011 5:12 PM

All replies

0

Sign in to vote

Hi Chris,

Thanks for posting here.

Can you verify the “Number of hours since last scanned” setting that for Windows XP in Windows Security health validator properties ?

For more information please refer to the link below:

NAP FAQ: Enforcing Security Updates (out-of-the-box)

http://blogs.technet.com/b/nap/archive/2008/04/24/nap-faq-enforcing-security-updates-out-of-the-box-2.aspx

Thanks.

Tiger Li
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Wednesday, January 19, 2011 7:38 AM
0

Sign in to vote
As far as I know there is no WSHV, I have checked our sccm servers. Also any ideas as to why the machines freezes up during the Scan? Disabling the nap service even though its currently not used seems a bit excessive.
- Edited by Chris705 Wednesday, January 19, 2011 11:26 AM
Wednesday, January 19, 2011 10:36 AM
0

Sign in to vote

More events from the system log.

__________________________________________________________________________________________________________________________________________________________

Event Type: Information
Event Source: NapAgent
Event Category: None
Event ID: 26
Date:  19/01/2011
Time:  09:26:22
User:  N/A
Computer: PC-xxxx
Description:
The NAP service has started.
NAP has the following information for this computer:
Computer name is PC-xxxx
Domain status is: Domain Joined.
The OS SKU is: CLIENT.
The service pack version is: 3.0.
The processor type is: 0.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

__________________________________________________________________________________________________________________________________________________________

Event Type: None
Event Source: NapAgent
Event Category: None
Event ID: 4
Date:  19/01/2011
Time:  09:26:22
User:  N/A
Computer: PC-xxxx
Description:
The System Health Agent 79745 successfully initialized.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

__________________________________________________________________________________________________________________________________________________________

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7035
Date:  19/01/2011
Time:  09:26:22
User:  NT AUTHORITY\SYSTEM
Computer: PC-xxxx
Description:
The Network Access Protection Agent service was successfully sent a start control.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

__________________________________________________________________________________________________________________________________________________________

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7036
Date:  19/01/2011
Time:  09:26:22
User:  N/A
Computer: PC-xxxx
Description:
The Network Access Protection Agent service entered the running state.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

__________________________________________________________________________________________________________________________________________________________

Event Type: None
Event Source: NapAgent
Event Category: None
Event ID: 9
Date:  19/01/2011
Time:  09:26:22
User:  N/A
Computer: PC-xxxx
Description:
The enforcement client 79871 successfully initialized.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

__________________________________________________________________________________________________________________________________________________________

Event Type: Warning
Event Source: NapAgent
Event Category: None
Event ID: 39
Date:  19/01/2011
Time:  09:26:22
User:  N/A
Computer: PC-xxxx
Description:
The Network Access Protection Agent was unable to determine which HRAs to request a health certificate from.
A network change or if GP is configured, a configuration change will prompt further attempts to acquire a health certificate. Otherwise no further attempts will be made.
Contact the HRA administrator for more information.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

__________________________________________________________________________________________________________________________________________________________

Event Type: None
Event Source: NapAgent
Event Category: None
Event ID: 4
Date:  19/01/2011
Time:  09:26:22
User:  N/A
Computer: PC-xxxx
Description:
The System Health Agent 79744 successfully initialized.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

__________________________________________________________________________________________________________________________________________________________

Wednesday, January 19, 2011 11:25 AM
0

Sign in to vote

Any ideas??

Wednesday, January 26, 2011 10:27 AM
0

Sign in to vote

Chis705 you resolve this problem?

Monday, October 8, 2012 3:49 PM