| Event Id | 25 |
| Source | HRA |
| Description | The Health Registration Authority was unable to validate the request with the Correlation ID %1 at IP address %2 (Principal: %3). The Network Policy Server denied the request because the request was not authorized (%4). See the Network Policy Server administrator for more information. |
| Event Information | According to Microsoft : Cause This event is logged when Health Registration Authority was unable to validate the request with the Correlation ID at IP address. Resolution Reset HRA HRA runs an Internet Information Services (IIS) worker process, w3wp.exe, that works with NPS to issue health certificates when a NAP client initiates a connection. If the process is idle for several minutes, the process ends until it is called again. This error condition indicates that the NPS service has become unavailable while w3wp.exe is running, possibly due to a temporary loss of network connectivity, or a restarting of the NPS service. You can wait for the w3wp.exe process to end, or you can end the current process, forcing a new w3wp.exe process to start. To perform this procedure, you must be a member of the Administrators group, or you must have been delegated the appropriate authority. To end the w3wp.exe process: 1.On the computer where HRA is installed, click Start. 2.Right-click Command Prompt, and then click Run as Administrator. 3.In the command window, type taskkill /F /IM w3wp.exe, and then press ENTER. Confirm that the command completed successfully. If w3wp.exe has already ended without your intervention, confirm that the process was not found. Verify To perform this procedure, you must be a member of the Administrators group, or you must have been delegated the appropriate authority. HRA uses IIS for validation of domain credentials. To verify that the IIS service on your HRA server has connectivity to the domain controller designated as the gobal catalog server: 1.On the computer where HRA is installed, click Start. 2.Right-click Command Prompt, and then click Run as Administrator. 3.In the command window, type nltest /server:servername /dsgetdc:domainname, where servername is the DNS name of the domain controller you have designated as a global catalog server, and domainname is the domain to which the server belongs, and then press ENTER. 4.Confirm that the command completed successfully. 5.In the Flags line of output, confirm that GC appears. To verify the client domain configuration is correct: 1.On a NAP client computer, click Start, click Control Panel, click System and Maintenance, and then click System. 2.Under Computer name, domain, and workgroup settings, verify that the Computer name, Full computer name, and Domain for your deployment are correct. To verify the IIS worker process (w3wp.exe) started successfully: 1.On a NAP client computer that is configured to use the current HRA, open an elevated command prompt. 2.In the command window, type net stop napagent && net start napagent, and then press ENTER. This command will restart the NAP Agent service and cause the client computer to request a new health certificate. 3.On the computer where HRA is installed, click Start, click Run, type eventvwr.msc, and then press ENTER. 4.In the console tree, double-click Windows Logs, and then click System. 5.In the details pane, review events with a Source of HRA and a current date and time. 6.Under Event ID, confirm that 1 is displayed in the list. |
| Reference Links | Event ID 25 from HRA |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.