locked
Windows 7 reported as non nap-capable RRS feed

  • Question

  • Hello everyone,

     

    I have a little problem with my NPS NAP server.
    First of it is a Windows 2008 R2 server, it also is a Domain controler, we use it for 802.1x dynamic VLANs.

    It worked correct but all af a sudden it says that our windows 7 and vista test machines are non nap-capable.

    I can't figure out why cause it should be.

    The machine gets set in the right vlan so that work good but it should be seen as a nap capable device.

    I have checked if the services Wired config and network access protection are running and on both machines they are started automatic, also i have ran the commands in the troubleshoot topic and that also didn't give any error.

    If you have any idea please let me know cause i have non, also if you need any information please let me known what.

     

    Greating Meaglin

    • Edited by meaglin Thursday, August 12, 2010 4:07 PM added info
    Thursday, August 12, 2010 2:21 PM

Answers

  • oke guys,

    I have installed a new server made it work on that one. made sure it all worked.
    then exported the config on the working server, imported it on the old not correctly working server and now it works again.

    for 2 strait days now.

    Greatings Meaglin

    • Marked as answer by Miles Zhang Friday, September 3, 2010 1:36 AM
    Wednesday, August 18, 2010 3:16 PM

All replies

  • Hi,

    Thanks for the post.

    Please run the following commands on the problematic client.

    netsh NAP client show state

    netsh NAP client show group

    Please post the results here.

     

    Meanwhile, please collect the MPSReport from the NPS server.

    1. Download proper MPS Report tool from the website below.

    Microsoft Product Support Reports
    http://www.microsoft.com/downloads/details.aspx?FamilyID=CEBF3C7C-7CA5-408F-88B7-F9C79B7306C0&displaylang=en

    2. Double-click to run it, if requirement is not met, please follow the wizard to download and install them. After that, click Next, when the "Select the diagnostics you want to run" page appears, select "General", “Internet and Networking”, “Business Networks”, “Server Components”, click Next.

    3. After collecting all log files, choose "Save the results", choose a folder to save <Computername>MPSReports.cab file.

    For your convenience, I have created a workspace for you.  You can upload the information files to the following link.  (Please choose "Send Files to Microsoft")
     
    Workspace URL: (https://sftasia.one.microsoft.com/choosetransfer.aspx?key=028c9f20-e88c-4049-b821-673a00f6d9ce)
    Password: j8)7*Qx0Nu+l
     
    Note: Due to differences in text formatting with various email clients, the workspace link above may appear to be broken.  Please be sure to include all text between '(' and ')' when typing or copying the workspace link into your browser.

    Thanks,

    Miles

     

     


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Friday, August 13, 2010 7:48 AM
  • Thanks for the help, i uploaded the requested file.

     

    and here is the output of the 2 other commands.

     

    netsh NAP client show state:

    Client Status:
    -------------------------------------------------- -
    Name = NAP (Network Access Protection) client
    Description = Microsoft NAP (Network Access Protection) client
    Protocol Version = 1.0
    Status = Enabled
    Status = Not limited restriction
    Troubleshooting URL =
    Starting time limit =
    Extensive status =

    Client execution status:
    -------------------------------------------------- -
    Id = 79617
    Name = DHCP Quarantine Enforcement Client
    Description = This is DHCP-based NAP provided reinforcement for
    Version = 1.0
    Supplier Name = Microsoft Corporation
    Record =
    Initialized = No

    Id = 79618
    Name = Client Remote Access Quarantine Enforcement
    Description = This is the ratification of quarantine remote access client supplied
    Version = 1.0
    Supplier Name = Microsoft Corporation
    Record =
    Initialized = No

    Id = 79619
    Name = IPSec Relying Party
    Description = This is based on IPSec forcing for NAP (Network Access Protection) provided
    Version = 1.0
    Supplier Name = Microsoft Corporation
    Record =
    Initialized = No

    Id = 79621
    Name = Client for quarantine ratification TS Gateways
    Description = To be confirmed for NAP TS Gateway
    Version = 1.0
    Supplier Name = Microsoft Corporation
    Record =
    Initialized = No

    Id = 79623
    Name = EAP Quarantine Enforcement Client
    Description = This is based on EAP NAP provided reinforcement for
    Version = 1.0
    Supplier Name = Microsoft Corporation
    Record =
    Initialized = Yes

    Status SHA (System Health Agent):
    -------------------------------------------------- -
    Id = 79744
    Name = Windows Security Status Monitoring
    Description = Windows Control security status to verify whether a computer that meets the policy defined by an administrator.
     
    Version = 1.0
     
    Supplier Name = Microsoft Corporation
     
    Record =
    Initialized = Yes
    Error = No Category
    Status re averaging = Passed
    Rate averaging re = 0
    Recovery Message = (3237937214) - The security status of the Windows System State Agent is updated.
     
    Results compatibility =
    Results averaging re =

    OK.

     

    netsh NAP client show group

    NAP client configuration (group policy):
    -------------------------------------------------- -

    NAP client configuration:
    -------------------------------------------------- -

    CSP (Cryptographic Service Provider) = Microsoft RSA SChannel Cryptographic Provider, key length = 2048
     

    Hash algorithm = sha1RSA (1.3.14.3.2.29)

    Forcing clients to:
    -------------------------------------------------- -
    Name = DHCP Quarantine Enforcement Client
    Id = 79617
    Admin = Disabled

    Name = Client Remote Access Quarantine Enforcement
    Id = 79618
    Admin = Disabled

    Name = IPSec Relying Party
    Id = 79619
    Admin = Disabled

    Name = Client for quarantine ratification TS Gateways
    Id = 79621
    Admin = Disabled

    Name = EAP Quarantine Enforcement Client
    Id = 79623
    Admin = Enabled

    Client Tracking:
    -------------------------------------------------- -
    Status = Disabled
    Level = Disabled

    OK.

     

    These 2 are translated from dutch.

     

    I also found the command napstat.exe here on the forums, I ran it and it says that it is fine.

    And also for test purpose I'm reinstalling the windows 7 client.
    If it is needed i can also upload the NPS config.

    Friday, August 13, 2010 12:30 PM
  • even with a freshly installed client it doesn't work. so should it be a server problem or still al client mis configuration?

    Greatings

    Friday, August 13, 2010 3:07 PM
  • oke guys,

    I have installed a new server made it work on that one. made sure it all worked.
    then exported the config on the working server, imported it on the old not correctly working server and now it works again.

    for 2 strait days now.

    Greatings Meaglin

    • Marked as answer by Miles Zhang Friday, September 3, 2010 1:36 AM
    Wednesday, August 18, 2010 3:16 PM