Share via


Event ID 20210 — RRAS NAP and Network Access Quarantine Control

Applies To: Windows Server 2008

Network Access Protection (NAP) provides a platform to help ensure that client computers on a private network meet administrator-defined requirements for system health. NAP enforcement occurs at the moment client computers attempt to access the network through network access servers, such as a virtual private network (VPN) server running Routing and Remote Access, or when client computers attempt to communicate with other network resources.

Network Access Quarantine Control is similar in function to NAP VPN enforcement, but it provides added protection for remote access connections only. NAP provides added protection for Internet Protocol security (IPsec)-based communications, 802.1X authenticated connections, VPN connections, Dynamic Host Configuration Protocol (DHCP) configuration, and Terminal Services Gateway (TS Gateway) connections.

.

Event Details

Product: Windows Operating System
ID: 20210
Source: RemoteAccess
Version: 6.0
Symbolic Name: ROUTERLOG_RASQEC_BIND_ERROR
Message: The Network Access Protection (NAP) enforcement client failed to register with the Network Access Protection Agent (NapAgent) service. Some network services or resources may not be available. If the problem persists, disconnect and retry the remote access connection or contact the administrator for the remote access server.

Resolve

Restart or enable NAP Agent service or enable remote access quarantine client

Possible resolutions:

  • Restart the NAP Agent service
  • Register the NAP enforcement client with the NAP Agent service.

To perform these procedures, you must be a member of the Administrators group, or you must have been delegated the appropriate authority.

Follow the procedures in the order in which they appear until the problem is resolved.

Restart the NAP Agent service

To restart the NAP Agent service:

  1. Click Start, click Control Panel, click System and Maintenance, and then click Administrative Tools.
  2. Double-click Services.
  3. In the services list, right-click Network Access Protection Agent, and then click Restart.

Enable the remote access quarantine enforcement client

To enable the remote access quarantine enforcement client:

  1. Click Start, click All Programs, click Accessories, and then click Run.
  2. Type napclcfg.msc, and then press ENTER.
  3. In the console tree, click Enforcement Clients.
  4. In the details pane, right-click Remote Access Quarantine Enforcement Client, and then click Enable.
  5. Close the NAP Client Configuration window.

Enable and start the NAP Agent service

To enable and start the NAP Agent service:

  1. Click Start, click Control Panel, click System and Maintenance, and then click Administrative Tools.
  2. Double-click Services.
  3. In the services list, double-click Network Access Protection Agent.
  4. In the Network Access Protection Agent Properties dialog box, change the Startup type to Automatic, and then click Start.
  5. Wait for the NAP Agent service to start, and then click OK.
  6. Close the Services console.

Verify

To verify that NAP remote access enforcement clients are installed and initialized:

  1. On the NAP client computer, click Start, point to All Programs, click Accessories, and then click Command Prompt.
  2. In the command window, type netsh nap client show configuration, and then press ENTER.
  3. If the client computer's NAP configuration is determined by Group Policy, type netsh nap client show grouppolicy, and then press ENTER.
  4. In the command output, under Enforcement clients, verify that the enforcement clients listed for your deployment are correct, and that the enforcement clients in use on your network have an Admin value of Enabled.
  5. In the command window, type netsh nap client show state, and then press ENTER.
  6. In the command output, under Enforcement client state, verify that all enforcement clients listed for your deployment are correct, and that the enforcement clients that are enabled on the client computer have an Initialized value of Yes.

RRAS NAP and Network Access Quarantine Control

Routing and Remote Access Service Infrastructure