Event ID 1022 — WSHA Client Remediation

  • Article

Applies To: Windows Server 2008

Remediation refers to the act or process of correcting a client configuration or software state that is not compliant with network health requirements. If Network Access Protection (NAP) policies are configured for automatic remediation, the Windows Security Health Agent (WSHA) will attempt to modify the client configuration to bring it into compliance with network health requirements.

For the WSHA, remediation of a client computer configuration depends on health requirements specified by the Windows Security Health Validator (WSHV) and the access of client computers to resources required to update and maintain their configuration to meet requirements of the WSHV.

Event Details

Product: Windows Operating System
ID: 1022
Source: Microsoft-Windows-SystemHealthAgent
Version: 6.0
Symbolic Name: MSSHA_EVENT_ANTISPYWARE_SIGNATURE_UPDATE_FAIL
Message: Automatic remediation for antispyware signatures failed. Windows could not update signatures for Windows Defender.
Failure Code: %1

Resolve

Enable Windows Defender and Windows Update services

This error condition indicates that the Windows Defender or Windows Update services are not running. To resolve this condition, enable these services.

To perform these procedures, you must be a member of the Administrators group, or you must have been delegated the appropriate authority.

Configure Windows Defender

To enable the Windows Defender service for automatic startup and start the service:

  1. On the NAP client computer, click Start, click Run, type services.msc, and then press ENTER.
  2. In the console tree, double-click Windows Defender.
  3. In the Windows Defender Properties window, next to Startup type, choose Automatic.
  4. Under Service status, click Start.
  5. If the service has been started successfully, the service status will be displayed as Started. Click OK.
  6. Leave the Services console open for the following procedure.

Configure Windows Update

To enable the Windows Update service for automatic startup and start the service:

  1. In the console tree, double-click Windows Update.
  2. In the Windows Update Properties window, next to Startup type, choose Automatic.
  3. Under Service status, click Start.
  4. If the service has been started successfully, the service status will be displayed as Started. Click OK.
  5. Close the Services console.

Verify

To verify that remediation was successful and the client computer is compliant with requirements of the WSHV:

  1. On the NAP client computer, click Start, point to All Programs, click Accessories, and then click Command Prompt.
  2. In the command window, type netsh nap client show state, and then press ENTER.
  3. In the command output, under System health agent (SHA) state, locate Windows Security Health Agent.
  4. Verify that the value of Remediation state is Success and not Could not update.
  5. Verify that the value of Fixup Message is The Windows Security Health Agent has finished updating its security state and not The Windows Security Health Agent failed to update the security state of this computer.

WSHA Client Remediation

NAP Infrastructure