HRA Discovery

Applies To: Windows Server 2008 R2

To use NAP with the IPsec enforcement method, client computers must be configured with trusted server group settings. Trusted server groups provide a list of Health Registration Authority (HRA) servers that NAP clients use when they request a health certificate. There are three methods available to configure trusted server groups on the NAP client:

  1. Local computer settings. You can use the NAP client configuration console or command line to configure NAP settings on the local computer. If NAP client settings are configured in Group Policy, the local computer NAP client settings will be ignored.
  2. Group Policy settings. You can use the Group Policy Management Console (GPMC) on a computer with the Group Policy Management feature installed to configure NAP client settings in Group Policy.
  3. HRA autodiscovery. You can configure NAP clients to automatically discover HRA servers. To enable HRA autodiscovery, you must configure NAP client registry settings and DNS service (SRV) records. In addition, you must clear the local computer or Group Policy trusted server group settings.

Note: If the client computer is not using the NAP IPsec enforcement method, you can disable HRA autodiscovery.

Events

| Event ID | Source | Message |
|---|---|---|
| 39 | Microsoft-Windows-NetworkAccessProtection | The Network Access Protection Agent was unable to determine which HRAs to request a health certificate from. A network change or if GP is configured, a configuration change will prompt further attempts to acquire a health certificate. Otherwise no further attempts will be made. Contact the HRA administrator for more information. |
| 40 | Microsoft-Windows-NetworkAccessProtection | The Network Access Protection Agent has dynamically discovered the following HRAs for this network (using the query %1): %2 The DNS servers in your configuration at the time this discovery took place included: %3 |
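The following added example (not part of the original page or of any Microsoft tooling) triages exported copies of the event 39 and 40 messages listed above: it reports clients where discovery failed and clients whose discovered HRAs or DNS servers are not on an expected list. The `(computer, event_id, message)` tuple format, the separators assumed inside %2 and %3, and all host names and addresses are constructed assumptions.

```python
import re

# Event 40 message text, taken from the Events section on this page.
EVENT_40 = re.compile(
    r"dynamically discovered the following HRAs for this network "
    r"\(using the query (?P<query>[^)]*)\):\s*(?P<hras>.*?)\s*"
    r"The DNS servers in your configuration at the time this discovery "
    r"took place included:\s*(?P<dns>.*)",
    re.DOTALL,
)

def _items(block):
    # Assumption: %2 and %3 expand to values separated by whitespace,
    # commas or semicolons. Compared case-insensitively.
    return [v.lower() for v in re.split(r"[\s,;]+", block.strip()) if v]

def triage(events, trusted_hras, trusted_dns):
    """Return (computer, finding, values) for events that need review.

    events: iterable of (computer, event_id, rendered_message) tuples
    (hypothetical export format).
    """
    findings = []
    for computer, event_id, message in events:
        if event_id == 39:
            # Client could not determine any HRA to request a certificate from.
            findings.append((computer, "discovery-failed", []))
        elif event_id == 40:
            m = EVENT_40.search(message)
            if m is None:
                findings.append((computer, "unparsed-event-40", []))
                continue
            extra_hras = [h for h in _items(m["hras"]) if h not in trusted_hras]
            extra_dns = [d for d in _items(m["dns"]) if d not in trusted_dns]
            if extra_hras:
                findings.append((computer, "unexpected-hra", extra_hras))
            if extra_dns:
                findings.append((computer, "unexpected-dns", extra_dns))
    return findings

# Constructed sample events (not real log data).
_E40 = ("The Network Access Protection Agent has dynamically discovered the "
        "following HRAs for this network (using the query {q}):\n{h}\n"
        "The DNS servers in your configuration at the time this discovery "
        "took place included:\n{d}\n")
_Q = "constructed-query.corp.example"
SAMPLE_EVENTS = [
    ("PC-01", 39, "The Network Access Protection Agent was unable to determine "
                  "which HRAs to request a health certificate from."),
    ("PC-02", 40, _E40.format(q=_Q, h="hra1.corp.example", d="10.0.0.53")),
    ("PC-03", 40, _E40.format(q=_Q, h="hra1.corp.example\nhra9.other.example",
                              d="10.0.0.53\n192.0.2.66")),
]
```

Calling `triage(SAMPLE_EVENTS, {"hra1.corp.example"}, {"10.0.0.53"})` flags PC-01 and PC-03 and leaves PC-02 out of the findings.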
