

2.4.2 HRA Auto-Discovery

HRA groups can be set by group policy or can be discovered automatically by the NAP client using DNS SRV lookup, as specified in [RFC2782]. A NAP client discovers a suitable HRA at start-up using the following sequence:

  1. Query SRV records for HRAs in the Active Directory site of the client (for example, _hra._tcp.<sitename>._sites.<domainname>)

  2. Query SRV records for HRAs in the Active Directory domain of the client (for example, _hra._tcp.<domainname>)

  3. Query SRV records for HRAs in the DNS domain of the client (for example, _hra._tcp.<DNSname>)

To enable HRA auto discovery, a registry setting entry MUST be represented in the machine-specific Registry Policy file as follows:

Key: Software\Policies\Microsoft\NetworkAccessProtection\ClientConfig\Enroll\HcsGroups

Value: "EnableDiscovery" or one of the value names specified in the table in [MS-GPREG] section 3.2.5.1 specifying how the value is deleted.

Type: REG_DWORD.

Size: Equal to the size of the Data field.

Data: A 32-bit unsigned integer.

| Value | Meaning |
| --- | --- |
| 0x00000000 | Disables HRA auto discovery. |
| 0x00000001 | Enables HRA auto discovery. |
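An added example, not part of the specification: a Python audit helper that walks a machine Registry Policy file and reports whether it sets EnableDiscovery under the key above. It assumes the PReg version 1 layout of [MS-GPREG] (an 8-byte header followed by UTF-16LE `[key;value;type;size;data]` entries); the function names and the sample bytes are constructed for illustration, and the deletion value names are not interpreted.

```python
import struct

HCS_KEY = r"Software\Policies\Microsoft\NetworkAccessProtection\ClientConfig\Enroll\HcsGroups"
REG_DWORD = 4  # registry type code for a 32-bit value

def _wstr(buf, pos):
    """Read a NUL-terminated UTF-16LE string; return (text, position after the NUL)."""
    end = pos
    while end < len(buf) and buf[end:end + 2] != b"\x00\x00":
        end += 2
    return buf[pos:end].decode("utf-16-le"), end + 2

def _expect(buf, pos, ch):
    """Check the UTF-16LE delimiter at pos and return the position after it."""
    if buf[pos:pos + 2] != ch.encode("utf-16-le"):
        raise ValueError(f"expected {ch!r} at offset {pos}")
    return pos + 2

def parse_pol(buf):
    """Yield (key, value, type, data) for each [key;value;type;size;data] entry."""
    if buf[:8] != b"PReg\x01\x00\x00\x00":
        raise ValueError("not a PReg version 1 file")
    pos = 8
    while pos < len(buf):
        key, pos = _wstr(buf, _expect(buf, pos, "["))
        value, pos = _wstr(buf, _expect(buf, pos, ";"))
        pos = _expect(buf, pos, ";")
        rtype, size = struct.unpack_from("<I2xI", buf, pos)  # type, 2-byte ';', size
        _expect(buf, pos + 4, ";")           # verify the delimiter skipped by 2x
        pos = _expect(buf, pos + 10, ";")
        data = buf[pos:pos + size]
        pos = _expect(buf, pos + size, "]")  # also catches truncated data
        yield key, value, rtype, data

def hra_discovery_enabled(buf):
    """True or False from the EnableDiscovery DWORD; None if the policy never sets it."""
    for key, value, rtype, data in parse_pol(buf):
        if key.lower() == HCS_KEY.lower() and value.lower() == "enablediscovery":
            if rtype != REG_DWORD or len(data) != 4:
                raise ValueError("EnableDiscovery must be a 4-byte REG_DWORD")
            return struct.unpack("<I", data)[0] == 1
    return None

def make_entry(key, value, rtype, data):  # builds constructed sample input only
    w = lambda s: s.encode("utf-16-le")
    return (w("[" + key + "\0;" + value + "\0;") + struct.pack("<I", rtype) + w(";")
            + struct.pack("<I", len(data)) + w(";") + data + w("]"))

SAMPLE_POL = (b"PReg\x01\x00\x00\x00" + make_entry(r"Software\Example", "Other", REG_DWORD, b"\x07\0\0\0")
              + make_entry(HCS_KEY, "EnableDiscovery", REG_DWORD, struct.pack("<I", 1)))
```

A result of `True` means clients receiving this policy locate HRAs through the DNS SRV sequence listed in this section, so the integrity of those DNS answers becomes part of the enrollment trust path.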