Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

HRA Server Role

Updated: June 24, 2009

Applies To: Windows Server 2008

Health Registration Authority (HRA) is responsible for validating client credentials and then forwarding a certificate request to a certification authority (CA) on behalf of Network Access Protection (NAP) clients. HRA validates certificate requests by checking with Network Policy Server (NPS) to determine if the NAP client is compliant with network health requirements. NAP clients use health certificates to communicate on an IPsec-protected network.


The following is a list of all aspects that are part of this managed entity:

Name Description

HRA Status

HRA uses an Internet Information Services (IIS) worker process, w3wp.exe, to issue health certificates when a NAP client initiates a connection. If the process is idle for several minutes, it is terminated until it is called again.

The w3wp.exe process cannot start if HRA does not have a valid configuration or adequate physical resources.

Local Request Processing

Health Registration Authority (HRA) uses a HTTP/HTTPS interface to read and process Network Access Protection (NAP) client health certificate requests. This interface can be configured with custom settings, called request policy, that require NAP client computers to use specified security methods when communicating with HRA.

By default, HRA is configured to allow client computers to use any of the available request policy methods. You can also specify custom settings. If you configure a custom request policy on HRA, you must ensure that NAP clients use these security methods to request health certificates.

Remote Request Processing

Health Registration Authority (HRA) requires a connection to Network Policy Server (NPS) for validation of Network Access Protection (NAP) client health status. In a domain environment, HRA also requires a connection to the Active Directory global catalog for authentication of client credentials.

Related Management Information

NAP Infrastructure

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

© 2015 Microsoft