Troubleshooting NAP: Non NAP Capable client

I'm attempting to configure Network Access Protection via Remote Desktop Gateway but when I attempt to connect to a network resource via the RDGateway the connection fails with the error " ...your computer or device did not pass the Network Access Protection requirements ...".  
The Windows Security Logs on the RDGateway server show event IDs 6272 and 6276, basically stating that the client is Non NAP Capable.  However, I have gone through all the troubleshooting steps I can find online for the client as well as the server but nothing has worked so far.

The steps I used for my set-up can be found here:
http://technet.microsoft.com/en-us/library/gg618548(v=ws.10).aspx

I am working in a production domain with a brand new server acting as the RDGateway and NAP server.  Also, in my environment, I did not configure a Remote Desktop Session Host, but instead am attempting to connect to another available server.

On the server side, I temporarily altered the NPS Network "NAP RD Gateway Non NAP-Capable" policy to allow full network access just to verify that the policies are being processed and was able to connect just fine.

On the client, I downloaded and executed the tsgqecclientconfig.cmd as noted in the instructions, rebooted, and verified that the registry settings were correct.  
The command "netsh nap client show state" returns the following:

C:\>netsh nap client show state

Client state:
----------------------------------------------------
Name                   = Network Access Protection Client
Description            = Microsoft Network Access Protection Client
Protocol version       = 1.0
Status                 = Enabled
Restriction state      = Not restricted
Troubleshooting URL    =
Restriction start time =
Extended state         =
GroupPolicy            = Not Configured

Enforcement client state:
----------------------------------------------------
Id                     = 79617
Name                   = DHCP Quarantine Enforcement Client
Description            = Provides DHCP based enforcement for NAP
Version                = 1.0
Vendor name            = Microsoft Corporation
Registration date      =
Initialized            = No

Id                     = 79619
Name                   = IPsec Relying Party
Description            = Provides IPsec based enforcement for Network Access Pr
Version                = 1.0
Vendor name            = Microsoft Corporation
Registration date      =
Initialized            = No

Id                     = 79621
Name                   = RD Gateway Quarantine Enforcement Client
Description            = Provides RD Gateway enforcement for NAP
Version                = 1.0
Vendor name            = Microsoft Corporation
Registration date      =
Initialized            = Yes

Id                     = 79623
Name                   = EAP Quarantine Enforcement Client
Description            = Provides Network Access Protection enforcement for EAP
as those used with 802.1X and VPN technologies.
Version                = 1.0
Vendor name            = Microsoft Corporation
Registration date      =
Initialized            = No

System health agent (SHA) state:
----------------------------------------------------
Id                     = 79744
Name                   = Windows Security Health Agent
Description            = The Windows Security Health Agent monitors security se
Version                = 1.0
Vendor name            = Microsoft Corporation
Registration date      =
Initialized            = Yes
Failure category       = None
Remediation state      = Success
Remediation percentage = 0
Fixup Message          = (3237937214) - The Windows Security Health Agent has f
is computer.

Compliance results     =
Remediation results    =

Id                     = 88048
Name                   = Intel(R) AMT SHA
Description            = Intel(R) AMT SHA Application
Version                = VER_PRODUCTVERSION_STR
Vendor name            = Intel(R)
Registration date      = 5/7/2010 11:50:27 AM
Initialized            = No
Failure category       = None
Remediation state      = Success
Remediation percentage = 0
Fixup Message          = (0) -

Ok.
------------------------------------------------------------------------------------------------------------------------------

These settings appear to be correct based on what I've found online so far.

I've allowed full access through all firewalls between the client and the server and tested access, so that doesn't appear to be the issue either.


From what I can gather, either the client is not sending a SoH, or the server is not receiving it.

If anyone has seen this issue before or think they might have a solution I'd certainly appreciate your assistance.

Thanks,

RGB
RGB42Asked:

RGB42 (Author) Commented:
This is solved.  

The SSL certificate imports into the user certificate store when you click on it and go through the import wizard.  This is incorrect.
 
Instead of doing this, you have to pop open the Certificate MMC Console and manually import it into the computer certificate store.  Problem solved.

RGB
0
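
The check described in the answer above, as an added example that is not part of the original post: it reports which certificate stores hold the gateway certificate and, with -Fix, adds it to the computer store. The file path and the "Root" store name are assumptions (the thread names neither); run it elevated when using -Fix.

```powershell
# Added example, not from the thread. $CertPath is a placeholder and
# $StoreName = 'Root' is an assumption (the thread does not name the store).
param(
    [string]$CertPath  = 'C:\temp\rdgateway.cer',  # hypothetical exported gateway certificate
    [string]$StoreName = 'Root',                   # assumed target store in the computer location
    [switch]$Fix                                   # add to LocalMachine if missing (needs elevation)
)

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath
"Subject    : $($cert.Subject)"
"Thumbprint : $($cert.Thumbprint)"
"Expires    : $($cert.NotAfter)"

# Walk every store under both locations and return the paths that contain the thumbprint.
function Find-CertLocation([string]$Thumbprint) {
    foreach ($location in 'CurrentUser', 'LocalMachine') {
        foreach ($store in Get-ChildItem "Cert:\$location") {
            $storePath = "Cert:\$location\$($store.Name)"
            $hit = Get-ChildItem $storePath -ErrorAction SilentlyContinue |
                   Where-Object { $_.Thumbprint -eq $Thumbprint }
            if ($hit) { $storePath }
        }
    }
}

$found = @(Find-CertLocation $cert.Thumbprint)
if ($found.Count -eq 0) { 'Certificate is not installed in any store.' }
else { $found | ForEach-Object { "Found in   : $_" } }

$inMachine = @($found | Where-Object { $_ -like 'Cert:\LocalMachine\*' }).Count -gt 0
$inUser    = @($found | Where-Object { $_ -like 'Cert:\CurrentUser\*'  }).Count -gt 0

if ($inUser -and -not $inMachine) {
    # The situation from the thread: the import wizard placed the cert in the user store only.
    'Present only in the user store; the computer store does not contain it.'
}

if ($Fix -and -not $inMachine) {
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($StoreName, 'LocalMachine')
    $store.Open('ReadWrite')
    $store.Add($cert)          # same result as importing via the computer Certificates console
    $store.Close()
    "Added to Cert:\LocalMachine\$StoreName"
}
```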

ritsee Commented:
My issue was similar, same error. I had installed a new certificate using the certificates snap-in, tested RDWeb and it was coming up with the new cert, so I thought cool, job done but no.

I had to go into the RD Gateway Manager and from there I could see there was an error about the certificate. I had to then import the certificate and apply it, then this error went away.
0
Seth Simmons (Sr. Systems Administrator) Commented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0