I've been NAP'd!
We have a NAP-enabled network running here at Microsoft. I came in this morning and started checking my mail and was quarantined. Me! :->
We put a lot of effort into the diagnosabilty of NAP in Beta 2. I took a screenshot of the pop-up I received so you can see the new look:
This XML file can be imported into the Beta 2 Event Viewer Console. It will filter for our NAP events.
Here is the event text on the error I received:
Log Name: System
Source: Microsoft-Windows-NetworkAccessProtection
Date: 5/9/2006 9:07:56 AM
Event ID: 21
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: JEFFSI-FERRARI
Description:The Network Access Protection Agent failed to acquire a certificate for the request with the correlation-id {2144B909-CAF6-4E1D-A706-6BE2A0457BC2} - 2006-05-09 16:07:56Z from https://nap-hra1/domainhcs/hcsrvext.dll.
The request failed with the error code (404). This server will not be tried again for 240 minutes.
Notice the correlation-id above? It is a beautiful thing. You can go to the server, look through its logs, and actually match-up this ID to find out exactly what decisions the server made for this transaction.
Turns out for my issue above, our server admin brought up a new Beta 2 back-end last night which isn't configured correctly. The URL above isn't reachable, which is needed to obtain a new health certificate (NAP + IPsec scenario).
More to come...
Jeff Sigman [MSFT]
NAP Release Manager
Jeff.Sigman@online.microsoft.com *
https://blogs.technet.com/nap
* Remove the "online" to actually email me.
** This posting is provided "AS IS" with no warranties, and confers no rights.