We have a NAP-enabled network running here at Microsoft. I came in this morning and started checking my mail and was quarantined. Me! :->

We put a lot of effort into the diagnosabilty of NAP in Beta 2. I took a screenshot of the pop-up I received so you can see the new look:

 

This XML file can be imported into the Beta 2 Event Viewer Console. It will filter for our NAP events.

Here is the event text on the error I received:

Log Name:      System
Source:        Microsoft-Windows-NetworkAccessProtection
Date:          5/9/2006 9:07:56 AM
Event ID:      21
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      JEFFSI-FERRARI
Description:

The Network Access Protection Agent failed to acquire a certificate for the request with the correlation-id {2144B909-CAF6-4E1D-A706-6BE2A0457BC2} - 2006-05-09 16:07:56Z from
http://nap-hra1/domainhcs/hcsrvext.dll.

The request failed with the error code (404). This server will not be tried again for 240 minutes.

Notice the correlation-id above? It is a beautiful thing. You can go to the server, look through its logs, and actually match-up this ID to find out exactly what decisions the server made for this transaction.

Turns out for my issue above, our server admin brought up a new Beta 2 back-end last night which isn't configured correctly. The URL above isn't reachable, which is needed to obtain a new health certificate (NAP + IPsec scenario).

More to come...

 

Jeff Sigman [MSFT]
NAP Release Manager
Jeff.Sigman@online.microsoft.com *
http://blogs.technet.com/nap
 
* Remove the "online" to actually email me.
** This posting is provided "AS IS" with no warranties, and confers no rights.