Windows 2008 R2 DirectAccess with NAP

  • Question

  • Hi all,

    I have a problem with setting up DA w/NAP in a demo lab. I'm going through the TestLab Guides, however I haven't succeeded :(

    I have these computers installed:

    - DA-DC01 (with DC, CA, NPS and HRA roles)
    - DA-DA01 (with DA feature)
    - DA-IIS01 (with IIS role, serves as NLS)
    - DA-APP01 (with CA role, serves as subordinate CA generating HRA certificates)
    - DA-W7 (Windows 7 Ent client)

    My problem is that DA works quite cute except for denying access to non-compliant computers. I've set the Health policy to require WFW and WU. If the client is in the Intranet LAN and I disable WU, then autoremediation occurs and WU is enabled again. If I do the same on the Internet WAN, the remediation process does not start and the client remains compliant (napstat command shows "Full access" and the HRA certificate is not removed) - and it can contact the internal server, indeed.

    I've tried to find the problem with the Troubleshooting Guide (both the TestLab one and the one in the DA Design Guide) - no luck.

    What steps should I do, what kind of settings should I check?

    Thanks!


    R.*

    • Edited by R.Vojtek Wednesday, September 21, 2011 12:55 PM several typos
    Wednesday, September 21, 2011 12:53 PM

All replies

  • I've just found an EventId 3 in the System EventLog on DA-DC01 (NPS/HRA server):

    "The Health Registration Authority encountered an error processing the response for the request with the correlation-id {8796884A-903E-4A82-9415-8972E5ACF98F}-2011-09-22 13:20:17Z at 2002:2ea7:f022:1:0:5efe:192.168.25.178 (principal: DA\DA-W7$) (error: 0x80004005).  Verify the Health Registration Authority configuration or contact it's administrator for more information."

    It occurred about 1 day ago with no warning before - there are a lot of HRA Info messages in the EventLog (Approve, Deny) and bump: Error EventId 3...

    What now?


    R.*
    Thursday, September 22, 2011 1:34 PM
  • Well, now I'm facing this behavior (no change in settings, just reinstalling NPS/HRA role):

    DA-W7 in the Internal network has WU disabled (the Health check on NPS requires firewall and WU turned on), however netstat shows "Full access" and the computer does not hold an HRA certificate.

    The Error (EventId 3) on DA-DC01 is occurring at 10 min intervals repeatedly...

    Does anybody know what I should do now?

    Thanks!


    R.*
    • Edited by R.Vojtek Friday, September 23, 2011 8:30 AM typos
    Friday, September 23, 2011 8:30 AM