服务器 Gind.cn
  1. 服务器 Gind.cn
  3. NAP客户端被评估为不支持NAP的
Intereting Posts
乘客/铁路不释放记忆 debian挂在启动“启动winbind守护进程:winbind” 由于神秘的文件丢失,组策略没有被应用 具有参数化的cloud-init脚本(参数化) Citrix VDI-In-a-Box以“里程碑快照” Windows 10路由NIC 1到NIC 2 通过单独(专用)接口路由networkingstream量的最简单方法是什么? 有多个域指向单个PHP脚本 有条件的代理命令在〜/ .ssh / config? 在UNIX中限制文件夹只接受某些types的文件(比如图像) 如果是最新的话,yum install local rpm会导致错误 debian:supress发现警告 SBS 2003通讯组未在Active Directory中显示,但仍然有效 将curl升级到最新的CentOS 6.3 CENTOS 5 – 如何在networking上将驱动器从一台服务器安装到另一台服务器上?

NAP客户端被评估为不支持NAP的

设置:Active Directory域,远程桌面网关服务器,NPS / NAP服务器(所有Windows Server 2008 R2)和一些Windows 7客户端。

RDG和NPS设置并运行所有连接请求和networking策略,一切都很好,除了NAP健康检查。 无论我在客户端做什么,它都被评估为不支持NAP的。

我启动NAP代理(napagent)服务,在NAP客户端configurationMMC(napclcfg.msc)中启用远程桌面网关隔离客户端,并将我的RDG URL https://rdg.company.com添加到Trusted Gateways列表无效,客户端Windows 7机器结束为“不支持NAP的”。

netsh nap客户端显示状态命令的输出也很好,一切看起来不错,因为它应该是根据NAP快速修复: https ://msdn.microsoft.com/en-us/library/dd348494( v= ws.10) .aspx

在客户端机器的事件查看器中,我可以看到NAP事件,从中我可以猜测,从客户端的angular度来看,一切正常,客户端79621已成功初始化,并且SystemHealthAgent似乎扫描并(据说)成功构buildSoH。

尽pipe如此,显然NAP服务器并没有从客户端获得SoH,因此将其归类为不支持NAP的原因。

由于我没有find任何进一步的调查和排除方法,我会很感激任何想法和/或build议。

提前感谢!

以下是一些诊断信息:

NAP客户端状态: 

PS C:\> netsh nap client show state Client state: ---------------------------------------------------- Name = Network Access Protection Client Description = Microsoft Network Access Protection Client Protocol version = 1.0 Status = Enabled Restriction state = Not restricted Troubleshooting URL = Restriction start time = Extended state = GroupPolicy = Not Configured Enforcement client state: ---------------------------------------------------- Id = 79617 Name = DHCP Quarantine Enforcement Client Description = Provides DHCP based enforcement for NAP Version = 1.0 Vendor name = Microsoft Corporation Registration date = Initialized = No Id = 79619 Name = IPsec Relying Party Description = Provides IPsec based enforcement for Network Access Protection Version = 1.0 Vendor name = Microsoft Corporation Registration date = Initialized = No Id = 79621 Name = RD Gateway Quarantine Enforcement Client Description = Provides RD Gateway enforcement for NAP Version = 1.0 Vendor name = Microsoft Corporation Registration date = Initialized = Yes Id = 79623 Name = EAP Quarantine Enforcement Client Description = Provides Network Access Protection enforcement for EAP authenticated network connections, such as those used with 802.1X and VPN technologies. Version = 1.0 Vendor name = Microsoft Corporation Registration date = Initialized = No System health agent (SHA) state: ---------------------------------------------------- Id = 79744 Name = Windows Security Health Agent Description = The Windows Security Health Agent monitors security settings on your computer. Version = 1.0 Vendor name = Microsoft Corporation Registration date = Initialized = Yes Failure category = None Remediation state = Success Remediation percentage = 0 Fixup Message = (3237937214) - The Windows Security Health Agent has finished updating the security state of th is computer. Compliance results = Remediation results = Ok.

networking访问保护\客户端上的操作事件日志: 

 Id : 1027 Message : The Windows Security Health Agent notified the Windows Network Access Protection Service of a change in the security health state of the computer. Id : 1007 Message : The Windows Security Health Agent completed an offline scan. Id : 9 Message : The enforcement client 79621 successfully initialized. Id : 1002 Message : The Windows Security Health Agent was initialized successfully. Scan Interval: 1320 minutes. Time delay before first scan: 45 seconds. Time interval between manual remediation state change: 15 seconds. Manual remediation timeout interval: 150 seconds. Id : 4 Message : The System Health Agent 79744 successfully initialized. Id : 100 Message : Sending Health Information to WHC: NapAgent is Active(1) Id : 1001 Message : The Windows Security Health Agent detected a change in the status of Automatic Updates. Id : 1000 Message : The Windows Security Health Agent detected a change in the status of Antispyware. Id : 1000 Message : The Windows Security Health Agent detected a change in the status of Antivirus. Id : 1000 Message : The Windows Security Health Agent detected a change in the status of Firewall. Id : 9 Message : The enforcement client 79871 successfully initialized. Id : 26 Message : The NAP service has started. NAP has the following information for this computer: Computer name is HOSTNAME.CORP.COMPANY.COM. Domain status is: Domain Joined. The build number is: 7601. The OS SKU is: CLIENT. The service pack version is: 1.0. The processor type is: x64 (AMD or Intel).