Event Id | 23 |
Source | HRA |
Description | The Health Registration Authority was unable to validate the request with the Correlation ID %1 at IP address %2 (Principal: %3). The Network Policy Server was not available to service the request (%4). See the Network Policy Server administrator for more information. |
Event Information | According to Microsoft : Cause This event is logged when Health Registration Authority was unable to validate the request with the Correlation ID at IP address Resolution Install or enable NPS This error condition indicates that the NPS service is unavailable. Check that NPS is running and is not disabled, and make sure the NPS server role is installed correctly. If NPS on the local computer is configured as a RADIUS proxy, then confirm connectivity to the NAP health policy server in a remote RADIUS server group. To perform this procedure, you must be a member of the Administrators group, or you must have been delegated the appropriate authority. Check NPS service availabilityTo determine if the NPS service is installed and running on the local HRA server and, if applicable, on remote RADIUS servers: 1.On the computer where HRA is installed, click Server Manager. 2.Under Roles Summary, click Go to Manage Roles. 3.Under Network Policy and Access Services, confirm the status of Network Policy Server is Installed. a.If the NPS service is not installed, click Add Role Services, select the Network Policy Server check box, and complete the wizard to install NPS. 4.Under Network Policy and Access Services, click Go to Network Policy and Access Services. 5.Under System Services, confirm that the status of Network Policy Server is Running. a.If the NPS service is not running, click Network Policy Server, and then click Start. b.Confirm that the NPS service starts successfully. 6.If HRA is installed on a server running NPS as a RADIUS proxy: a.Repeat steps 1-5 of this procedure on all remote NAP health policies servers used to evaluate connection requests sent from this HRA. b.Check network connectivity to each remote server running NPS. Check network connectivity 1.On the computer where HRA is installed, click Start. 2.Right-click Command Prompt, and then click Run as Administrator. 3.In the command window, type rpcping -s servername, where servername is the DNS name of the remote server running NPS, and then press ENTER. 4.Confirm that the response reads, "Completed 1 calls." 5.Repeat this procedure for each remote NAP health policy server used by this HRA. 6.If the remote server running NPS is not available, contact your network administrator. Verify To perform this procedure, you must be a member of the Administrators group, or you must have been delegated the appropriate authority. To verify that the NPS service is running and configured to evaluate client health status, use the following procedure to generate a health certificate request on a client computer and verify that client health status is correctly evaluated: 1.On a NAP client computer that is configured to use the current HRA, open an elevated command prompt. 2.In the command window, type net stop napagent && net start napagent, and then press ENTER. This command will restart the NAP Agent service and cause the client computer to request a new health certificate. 3.On the computer with NPS installed and configured as a NAP health policy server, click Start, click Run, type eventvwr.msc, and then press ENTER. 4.In the console tree, double-click Windows Logs, and then click Security. 5.In the details pane, review events with a Task Category of NPS and a current date and time. If the client computer is compliant with network health requirements, or NPS is configured for reporting mode, confirm that 6278 is displayed in the list under Event ID. If the client computer is not compliant with network health requirements, and NPS is configured for deferred enforcement, confirm that 6277 is displayed in the list under Event ID. If the client computer is not compliant with network health requirements, and NPS is configured for full enforcement, confirm that 6276 is displayed in the list under Event ID. |
Reference Links | Event ID 23 from HRA |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.