Certificate Acquistion and Deletion
Applies To: Windows Server 2008
If a NAP client computer is not able to contact the HRA server, or if server components are not correctly configured on HRA servers, certification authority (CA) servers, or Network Policy Server (NPS), the client computer will not be able to obtain a health certificate. IPsec policies typically restrict network communication of computers that do not have a valid health certificate.
A compliant NAP client computer might not be able to obtain a health certificate from an HRA server for the following reasons:
- An error in trusted server group configuration of the NAP client
- Network connectivity problems on the HRA server, the CA server, or the NAP client
- A configuration problem on the HRA server
- A configuration problem on the CA server associated with the HRA
Events
| Event ID | Source | Message |
|---|---|---|
Microsoft-Windows-NetworkAccessProtection |
The Network Access Protection Agent failed to acquire a certificate for the request with the correlation-id %2 from %1. The server was not available to service the request (%3). This server will not be tried again for %4 minutes. See the HRA administrator for more information. |
|
Microsoft-Windows-NetworkAccessProtection |
The Network Access Protection Agent failed to acquire a certificate for the request with the correlation-id %2 from %1. The server denied access to the request (%3). This server will not be tried again for %4 minutes. See the HRA administrator for more information. |
|
Microsoft-Windows-NetworkAccessProtection |
The Network Access Protection Agent failed to acquire a certificate for the request with the correlation-id %2 from %1. The request failed with the error code (%3). This server will not be tried again for %4 minutes. See the HRA administrator for more information. |
|
Microsoft-Windows-NetworkAccessProtection |
The Network Access Protection Agent successfully acquired a certificate for the request with the correlation-id %2 from %1. The certificate can be identified by its thumbprint of %3 |
|
Microsoft-Windows-NetworkAccessProtection |
The Network Access Protection Agent successfully deleted the certificate with the thumbprint of %1. The certificate has expired or the health state of the client has changed or a replacement certificate has been acquired. See the administrator for more information. |
|
Microsoft-Windows-NetworkAccessProtection |
The Network Access Protection Agent failed to delete the certificate with the thumbprint of %1. The certificate could not be found or the Network Access Protection Agent has insufficient privileges to delete the certificate (%2). See the administrator for more information. |
|
Microsoft-Windows-NetworkAccessProtection |
The Network Access Protection agent failed to initialize the following enrollment configuration. HRA Group : %1 CSP Name : %2 Key Specification : %3 Key Length : %4 Signature Algorithm : %5 The intialization failed with the error code (%6). See the HRA administrator for more information. |
|
Microsoft-Windows-NetworkAccessProtection |
The Network Access Protection Agent failed to acquire a certificate for the request with the correlation-id %2 from %1. The server was not available to service the request (%3). See the HRA administrator for more information. |
|
Microsoft-Windows-NetworkAccessProtection |
The Network Access Protection Agent failed to acquire a certificate for the request with the correlation-id %2 from %1. The server denied access to the request (%3). See the HRA administrator for more information. |
|
Microsoft-Windows-NetworkAccessProtection |
The Network Access Protection Agent failed to acquire a certificate for the request with the correlation-id %2 from %1. The request failed with the error code (%3). See the HRA administrator for more information. |
|
Microsoft-Windows-NetworkAccessProtection |
The Network Access Protection agent failed to get a certificate for the request with correlation-id %2 from %1. The server presented a certificate that is not trusted for Enterprise authentication. This server will not be tried again for %4 minutes. Contact the HRA administrator for more information. |
|
Microsoft-Windows-NetworkAccessProtection |
The Network Access Protection agent failed to get a certificate for the request with correlation-id %2 from %1. The validation of the server certificate for SSL resulted in an error %3, the certificate is not appropriate for SSL. This server will not be tried again for %4 minutes. Contact the HRA administrator for more information. |
|
Microsoft-Windows-NetworkAccessProtection |
The Network Access Protection agent failed to get a certificate for the request with correlation-id %2 from %1. The server presented a certificate that is not trusted for Enterprise authentication. Contact the HRA administrator for more information. |
|
Microsoft-Windows-NetworkAccessProtection |
The Network Access Protection agent failed to get a certificate for the request with correlation-id %2 from %1. The validation of the server certificate for SSL resulted in an error %3, the certificate is not appropriate for SSL. Contact the HRA administrator for more information. |