Fixing Health Certificate Problems

Updated: March 29, 2012

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

This section describes and provides solutions for problems that might occur with health certificates when you use Network Access Protection (NAP) with the Internet Protocol security (IPsec) enforcement method.

When you use NAP with IPsec enforcement, health certificates are issued to compliant NAP client computers. NAP client computers request health certificates from a Health Registration Authority (HRA) server, which will acquire a health certificate from a NAP certification authority (CA) on behalf of the NAP client computer if it is determined to be compliant with health requirements. Configuration of HRA and the NAP CA differs slightly, depending on whether the NAP CA is an enterprise CA or a standalone CA.

The following is a list of known problems and solutions associated with health certificates in a NAP deployment. Problems and solutions that might be inter-related are noted and linked if needed. Problems that have more than one possible root cause are noted and have more than one proposed solution. Choose the problem that best describes your situation, and then complete the procedures for the suggested fix. This list will be continuously updated as new problems and solutions are found.

See Also

Community Additions