Trusted Server Groups Are Not Found

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

This event occurs when a Network Access Protection (NAP) client computer does not have trusted server group settings. You can ignore this event if it occurs on a NAP client that is not using the NAP with Internet Protocol security (IPsec) enforcement method, or you can prevent the occurrence of this event by configuring a trusted server group. This event can also occur if trusted server group settings are configured in local policy settings and other NAP client settings are configured in Group Policy.

Description of system behavior

If a NAP client computer is using the IPsec enforcement method and cannot determine the Health Registration Authority (HRA) configuration, it will be unable to acquire a health certificate and its network access might be restricted. If a NAP client computer is using another enforcement method, this condition will have no effect on network access.

Associated operating system events

  • NAP client event ID 39: The Network Access Protection Agent was unable to determine which HRAs to request a health certificate from. A network change or if GP is configured, a configuration change will prompt further attempts to acquire a health certificate. Otherwise no further attempts will be made. Contact the HRA administrator for more information.

Root cause diagnosis and resolution

To resolve this issue, see Event ID 39 – HRA Discovery (https://go.microsoft.com/fwlink/?LinkID=136784).