locked
Windows 10 VPN not Nap-Capble RRS feed

  • Question

  • I have Windows 2012 R2 DA and VPN running. It all seems to work. I can setup a VPN connection to my server, but RRAS show it as "Not Nap-Capable".  I cannot figure out why it is being labeled that way.

    Any idea.

    Thursday, August 13, 2015 12:52 AM

Answers

  • Hi rlawrimore,

    According to your description, I guess that you have set NAP enforcement for VPN, and network policy enable NAP-Capable client to connect. However, Windows 10 doesn’t support NAP client configuration, so RRAS shows “non NAP Capable”.

    I found that win 10 doesn’t support NAP configuration in the following article:

    https://msdn.microsoft.com/en-us/library/windows/desktop/aa369702(v=vs.85).aspxin

    In order to enable Windows 10 to connect to VPN, we may create a network policy  that allow access to non nap-capable client. And ensure when win 10 connect to VPN, it will not match other network policy’s condition, so that the connection will not be denied by other policy.

    Best regards,

    Anne he


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.




    Friday, August 14, 2015 5:44 AM

All replies

  • Hi rlawrimore,

    According to your description, I guess that you have set NAP enforcement for VPN, and network policy enable NAP-Capable client to connect. However, Windows 10 doesn’t support NAP client configuration, so RRAS shows “non NAP Capable”.

    I found that win 10 doesn’t support NAP configuration in the following article:

    https://msdn.microsoft.com/en-us/library/windows/desktop/aa369702(v=vs.85).aspxin

    In order to enable Windows 10 to connect to VPN, we may create a network policy  that allow access to non nap-capable client. And ensure when win 10 connect to VPN, it will not match other network policy’s condition, so that the connection will not be denied by other policy.

    Best regards,

    Anne he


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.




    Friday, August 14, 2015 5:44 AM
  • I earlier found this article, which describes NAP is removed from Windows 10.
    So the Windows 10 VPN will be Not-Nap-Capable.

    https://social.technet.microsoft.com/Forums/en-US/f11af86f-6027-4c93-b110-8bcc7a5b2ec6/network-access-protection-nap-client-removed?forum=WinPreview2014General

    I also am stunned by this move from MS.
    We used this for our wireless solution, as 2-factor authentication.
    WPA2-enterprise PEAP (ms-chapv2) User authentication and the Client-Machine information from the AD as the thing you have.

    With this move, the only way to do this has ended. So, now we have to look for another solution. Hopefully some company fills this gap. Cause I don't expect it will come back (through a update or so) I think MS did not realise what for other solutions NAP delivers to customers except the security.


    Monday, August 24, 2015 7:59 AM