locked
802.1X Wireless RRS feed

  • Question

  • Hi

    I just tried to set up an NPS server , my win7 client (wireless) is geting  authenticated and getting the IP address also ,but its hitting the policy at the bottom (Non Nap Capable) clients . In fact i am having NAP Compliant policy just above that ,which is not getting executed . Any Idea ?

    nap client state is shown below

     

     

    Client state:
    ----------------------------------------------------
    Name                   = Network Access Protection Client
    Description            = Microsoft Network Access Protection Client
    Protocol version       = 1.0
    Status                 = Enabled
    Restriction state      = Not restricted
    Troubleshooting URL    =
    Restriction start time =
    Extended state         =
    GroupPolicy            = Not Configured

    Enforcement client state:
    ----------------------------------------------------
    Id                     = 79617
    Name                   = DHCP Quarantine Enforcement Client
    Description            = Provides DHCP based enforcement for NAP
    Version                = 1.0
    Vendor name            = Microsoft Corporation
    Registration date      =
    Initialized            = No

    Id                     = 79619
    Name                   = IPsec Relying Party
    Description            = Provides IPsec based enforcement for Network Access Pro
    tection
    Version                = 1.0
    Vendor name            = Microsoft Corporation
    Registration date      =
    Initialized            = No

    Id                     = 79621
    Name                   = RD Gateway Quarantine Enforcement Client
    Description            = Provides RD Gateway enforcement for NAP
    Version                = 1.0
    Vendor name            = Microsoft Corporation
    Registration date      =
    Initialized            = No

    Id                     = 79623
    Name                   = EAP Quarantine Enforcement Client
    Description            = Provides Network Access Protection enforcement for EAP
    authenticated network connections, such as those used with 802.1X and VPN techno
    logies.
    Version                = 1.0
    Vendor name            = Microsoft Corporation
    Registration date      =
    Initialized            = Yes

    System health agent (SHA) state:
    ----------------------------------------------------
    Id                     = 79744
    Name                   = Windows Security Health Agent

    Description            = The Windows Security Health Agent monitors security set
    tings on your computer.

    Version                = 1.0

    Vendor name            = Microsoft Corporation

    Registration date      =
    Initialized            = Yes
    Failure category       = None
    Remediation state      = Success
    Remediation percentage = 0
    Fixup Message          = (3237937214) - The Windows Security Health Agent has fi
    nished updating the security state of this computer.

    Compliance results     =
    Remediation results    =

    Id                     = 79745
    Name                   = Configuration Manager System Health Agent
    Description            = Configuration Manager System Health Agent facilitates e
    nforcement of software update compliance using Network Access Protection.
    Version                = 2007
    Vendor name            = Microsoft Corporation
    Registration date      = 4/3/2010 12:08:17 AM
    Initialized            = Yes
    Failure category       = None
    Remediation state      = Success
    Remediation percentage = 100
    Fixup Message          = (90701) - The Configuration Manager System Health Agent
     is compliant with the required software updates.
    Compliance results     =
    Remediation results    = (0x00000000) - (null)


    Ok.

     

     

    Monday, April 26, 2010 3:02 PM

All replies

  • Hi

    do we need windows 2008 R2 server for enabling nap on windows 7 clients ? i tried windows 2008 standard server with sp1 and windows 7 client , no luck

    on wired and wireless i am unable to authenticate my client against the health policy rule , moment i remove the health policy condition from the network  policy the client get authenticated and gets the ip address . i am using nortel ERS 5520 switch on wired and nortel 2270 wlan controller for wireless . Even its getting the correct vlan also. computer based authentication is used . PEAP is enabled on client . enforce NAP also checked .

    no idea why NAP is not working,  any suggestion,please

    binu

     

    Tuesday, April 27, 2010 2:17 PM