Event ID 1 — NAP Agent Communication with the SHA
Updated: May 25, 2011
Applies To: Windows Server 2008 R2
The Network Access Protection (NAP) Agent service must be able to communicate with installed system health agents (SHA) in order to manage the health status that is monitored and reported by a SHA. In order for this communication to take place, each installed SHA must initialize, register, and bind to the NAP Agent service.
|Product:||Windows Operating System|
|Message:||The System Health Agent %1 is installed but not registered with the NAP agent.|
Repair SHA communication error
There is a problem with SHA communication with NAP agent, possibly due to an error with the initialization, registration, or binding of the SHA. To resolve this error condition, attempt to reinitialize the SHA by restarting the NAP Agent service. If this fails, save information about the condition to a file and contact the SHA vendor.
To perform these procedures, you must be a member of the Administrators group, or you must have been delegated the appropriate authority.
Restart NAP agent
To restart the NAP Agent service:
- On the NAP client computer, click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as adminsistrator.
- In the command window, type net stop napagent && net start napagent, and then press ENTER.
- In the command output, confirm that the Network Access Protection Agent service stops and starts successfully.
- If the error is not resolved, see the following procedure.
Save information to a file
To save information about this condition to a file:
- In the command window, type netsh nap client show state >> <file>, where <file> is the location and name of the file you want to save, and then press ENTER. This command will save information about NAP client state to a file.
In the following example, configuration information is saved to a file named napstate.txt in the C:\ directory.
netsh nap client show state >> C:\napstate.txt
- In the command window, type eventvwr.msc, and press ENTER.
- In the Event Viewer console tree, navigate to Applications and Services Logs\Microsoft\Windows\Network Access Protection\Operational.
- Right-click Operational, and then click Save Events As.
- Enter a file name and location for the event file, and then click Save.
- In the Display Information dialog box, choose Display information for these languages, select your preferred language from the list, and then click OK.
- Give the files to the SHA vendor for analysis.
If you receive the error message "SHA not present ID 79744" this problem can also occur if default service permissions for NAP Agent, Security Center, or Windows Update are overwritten. To restore these permissions to the default state, run the following commands from an elevated DOS prompt:
sc sdset napagent D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;NO)(A;;CCLCSWRPWPDTLOCRRC;;;NS)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)sc sdset wuauserv D:(A;;CCLCSWRPLORC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOSDRCWDWO;;;WD)sc sdset wscsvc D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CR;;;AU)(A;;CCLCRP;;;S-1-5-80-2006800713-1441093265-249754844-3404434343-1444102779)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
To verify that the NAP Agent service is able to communicate with the installed SHAs:
- On the NAP client computer, click Start, point to All Programs, click Accessories, and then click Command Prompt.
- In the command window, type netsh nap client show state, and then press ENTER.
- In the command output, under System health agent (SHA) state, verify that the SHAs listed for your deployment are correct and initialized.
- In the command window, type eventvwr.msc, and then press ENTER.
- In the console tree, navigate to Applications and Services Logs\Microsoft\Windows\Network Access Protection\Operational.
- Right-click Operational, and then click Filter Current Log.
- Next to Event sources, select Network Access Protection.
- Under Includes/Excludes Event IDs, click the text box containing <All Event IDs>, type 27, and then click OK. All logged occurrences of event 27 will be displayed in the details pane.
- Under Date and Time, click on recent events, and review information on the General tab.
- Verify that each installed SHA is reporting client health status to NAP agent by confirming that the SHA ID is displayed in the following event message: "A Statement of Health with correlation ID ... was received from the System Health Agent <SHA ID>."