Event ID 20213 — VPN NAP Enforcement Client Configuration

  • Article

Applies To: Windows Server 2008 R2

A Network Access Protection (NAP) enforcement client is responsible for requesting access to a network, communicating a client computer's health status to the NAP server that is authorizing the network access, and communicating the connection status of the client computer to other components of the NAP client architecture. A NAP-capable client is a computer that has the NAP components installed and can verify its health state by sending a statement of health (SoH) to NPS.

The remote access enforcement client enforces health policies when a client computer attempts to gain access to the network through a virtual private network (VPN) connection.

Event Details

Product: Windows Operating System
ID: 20213
Source: RasMan
Version: 6.1
Symbolic Name: ROUTERLOG_RASQEC_APIRCV_ERROR
Message: The Network Access Protection (NAP) enforcement client received an invalid request for the following remote access connection: %d. The connection does not exist. Retry the remote access connection.

Resolve

Restore NAP connection

ROUTERLOG_RASQEC_APIRCV_ERROR

There is no NAP connection ID that corresponds to the specified RAS connection handle because NAP is not enabled on the RAS connection.

Check the status of the NAP Agent service

To check the status of the NAP Agent service:

  1. Click Start, point to Administrative Tools, and then click Services.
  2. Check that the Network Access Protection Agent service is started. If not, start the service.

Check the status of the RAS Quarantine enforcement clients

To check the status of the RAS Quarantine enforcement clients:

  1. Open NAP Client Configuration. Click Start, click Run, type napclcfg.msc, and then press ENTER.
  2. Click Enforcement Clients.
  3. In the details pane, under Enforcement Clients, check that Remote Access Quarantine Enforcement Client status is Enabled. If it is not, right-click Remote Access Quarantine Enforcement Client, and then click Enable.

After the two services are enabled and running, try to set up the connection again.

Verify

To verify that the remote access server can accept connections, establish a remote access connection from a client computer.

To create a VPN connection:

  1. Click Start, and then click Control Panel.
  2. Click Network and Internet, click Network and Sharing Center, and then click Set up a connection or network.
  3. Click Connect to a workplace, and then click Next.
  4. Complete the steps in the Connect to a Workplace wizard.

To connect to a remote access server:

  1. In Network and Sharing Center, click Manage network connections.
  2. Double-click the VPN connection, and then click Connect.
  3. Verify that the connection was established successfully.

VPN NAP Enforcement Client Configuration

Routing and Remote Access Service Infrastructure