NonDomain client can't get HRA certificate (EventID 43)

  • Question

  • hi,

    I am implementing IPsec enforcement of NAP using the IPsec step-by-step guide. The issue that occurred is that Client 2, which is my workgroup user, can't get an HRA certificate. On the other hand, when I disable the firewall it auto-remediates in a second and the firewall turns on again, but I can't see the certificate in the local certificate snap-in. Following is the error I saw in the event viewer:

    Log Name:      Microsoft-Windows-NetworkAccessProtection/Operational
    Source:        Microsoft-Windows-NetworkAccessProtection
    Date:          5/5/2011 11:33:44 PM
    Event ID:      43
    Task Category: None
    Level:         Error
    Keywords:     
    User:          NETWORK SERVICE
    Computer:      client-2
    Description:
    The Network Access Protection Agent failed to deposit a certificate for the request with the correlation-id {67C7CE72-B975-477F-A036-89B6D65E46F3} - 2011-05-05 18:33:43.908Z from https://nps1.xxx.xxx/nondomainhra/hcsrvext.dll.
    ValidityPeriod of the certificate is below threshold (2147944331).
    Contact the HRA administrator for more information.

    Kindly Help me out!


    Thanks & Regards, Jazeel Ahmed Siddiqui
    Thursday, May 5, 2011 2:36 PM

Answers

  • Sorry guys for the late reply. On the day when I posted this problem I couldn't see the HRA certificate in the MMC console, and at night my machine was accidentally turned off due to a power failure. On the next day when I started my machines everything was working fine; I can see the certificate named Unauthorized System Health Authentication with an intended purpose of System Health Authentication. I don't know how this happened but it's working now. If anyone can guess what the problem was at that time, because I haven't done a single click after that, kindly share it with me. Thanks
    Thanks & Regards, Jazeel Ahmed Siddiqui
    • Marked as answer by Rick Tan Tuesday, May 10, 2011 4:11 AM
    Monday, May 9, 2011 6:01 PM

All replies

  • Hi,

    What validity period do you have configured for health certificates in the HRA console?

    -Greg

    Sunday, May 8, 2011 7:21 AM
  • Hi Customer,

       Please open HRA, right-click Certification Authority, and click Properties.

       Check the "Number of minutes to wait between requests when a server is identified as unavailable" value (5 minutes by default).

       Check the "The certificates approved by this Health Registration Authority will be valid for" value (4 hours by default).

       Please verify the NAP client configuration to troubleshoot HRA.

    Configure an HRA Server for NAP

    http://technet.microsoft.com/es-es/library/dd314161(WS.10).aspx

    Troubleshooting HRA

    http://technet.microsoft.com/en-us/library/cc754465.aspx


    Regards, Rick Tan
    Monday, May 9, 2011 5:05 AM
  • In my case the error above was caused by a big clock skew between the domain and the non-domain client
    • Proposed as answer by persinin Thursday, June 9, 2011 7:02 AM
    Thursday, June 9, 2011 7:01 AM
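
The following Python sketch is an added example, not part of the thread: it parses the Event ID 43 description quoted in the question, decodes the numeric error as an HRESULT, and models how clock skew between the HRA and the client changes the validity the client sees on a certificate issued with the 4-hour default mentioned above. The function names, and the assumption that validity starts at the HRA's clock reading with no backdating, are illustrative and do not describe NAP agent internals.

```python
import re
from datetime import datetime, timedelta, timezone

# Event ID 43 description, copied from the question above.
EVENT_43 = (
    "The Network Access Protection Agent failed to deposit a certificate for "
    "the request with the correlation-id {67C7CE72-B975-477F-A036-89B6D65E46F3}"
    " - 2011-05-05 18:33:43.908Z from "
    "https://nps1.xxx.xxx/nondomainhra/hcsrvext.dll.\n"
    "ValidityPeriod of the certificate is below threshold (2147944331).\n"
)
EVENT_RE = re.compile(
    r"correlation-id \{(?P<guid>[0-9A-Fa-f-]{36})\} - "
    r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})Z from (?P<url>\S+?)\.?\s"
    r".*?\((?P<code>\d+)\)", re.DOTALL)

def parse_event_43(text):
    """Extract the request time (UTC), HRA URL and decoded error code."""
    m = EVENT_RE.search(text)
    if m is None:
        raise ValueError("not an Event ID 43 description")
    code = int(m.group("code"))
    return {
        "correlation_id": m.group("guid"),
        "requested_utc": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S.%f")
                                 .replace(tzinfo=timezone.utc),
        "hra_url": m.group("url"),
        "hresult": f"0x{code:08X}",
        "facility": (code >> 16) & 0x7FF,   # 7 = FACILITY_WIN32
        "win32_code": code & 0xFFFF,
    }

def validity_seen_by_client(client_utc, server_utc, validity=timedelta(hours=4)):
    """Assumed model: the certificate is valid from server_utc for `validity`.

    Returns (state, delta): remaining lifetime when valid, otherwise how far
    the client clock is outside the validity window.
    """
    not_before, not_after = server_utc, server_utc + validity
    if client_utc < not_before:
        return "not yet valid", not_before - client_utc
    if client_utc >= not_after:
        return "expired", client_utc - not_after
    return "valid", not_after - client_utc
```

Feeding the two clock readings taken at the same moment on the client and on the HRA server shows how little of the 4-hour window remains, or whether the client's clock falls outside it entirely.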