Event ID 1003 — Windows Security Center

  • Article

Applies To: Windows Server 2008

By default, the Windows Security Health Agent (WSHA) will be installed with the Network Access Protection (NAP) client on computers running Windows Vista or Windows XP with Service Pack 3 (SP3). The WSHA monitors health status of Windows Security Center and reports this information to the NAP Agent service.

In order for the status of Windows Security Center to be reported to the NAP Agent service, WSHA must be successfully initialized so that it can update changes in client health status.

Event Details

Product: Windows Operating System
ID: 1003
Source: Microsoft-Windows-SystemHealthAgent
Version: 6.0
Symbolic Name: MSSHA_EVENT_INITIALIZE_FAIL
Message: The Windows Security Health Agent could not be initialized.
Failure Code: %1

Resolve

Check the status of WSHA and restart the Security Center service

To resolve this error condition, check the status of WSHA and restart the Windows Security Center service.

To perform this procedure, you must be a member of the Administrators group, or you must have been delegated the appropriate authority.

Check the status of WSHA

To check the status of WSHA:

  1. On the NAP client computer, click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
  2. In the command window, type netsh nap client show state, and then press ENTER.
  3. In the command output, review the information under System health agent (SHA) state.
  4. Confirm that WSHA failed to initialize.
  5. Leave the command window open for the following procedure.

Restart the Windows Security Center service

To restart the Windows Security Center service:

  1. In the command window, type net stop wscsvc && net start wscsvc, and then press ENTER.
  2. Confirm that the results read, "The Security Center service was stopped successfully" and "The Security Center service was started successfully."
  3. In the command window, type netsh nap client show state, and then press ENTER.
  4. In the command output, under System health agent (SHA) state, confirm that the WSHA has been initialized successfully.

Verify

To verify that WSHA can report the health status of the client computer, check that WSHA is present and initialized, and that the Windows Security Center service is started. WSHA is dependent on the Windows Security Center service to monitor the client's health state. If Windows Security Center is not running, then WSHA will not be initialized.

To verify that WSHA is installed and initialized:

  1. On the NAP client computer, click Start, point to All Programs, click Accessories, and then click Command Prompt.
  2. In the command window, type netsh nap client show state, and then press ENTER.
  3. In the command output, in the System health agent (SHA) state section, verify that Windows Security Health Agent appears, and that the value of Initialized is Yes.

To verify that the Windows Security Center service is running:

  1. On the NAP client computer, click Start, point to All Programs, click Accessories, and then click Command Prompt.
  2. In the command window, type net start, and then press ENTER.
  3. In the command output under These Windows services are started, verify that Security Center appears.

Windows Security Center

NAP Infrastructure