U-g-o
asked on
Why Does SEP LiveUpdate Fail on a Non-Compliant NAP-DHCP Client?
Hi,
I'm currently testing NAP-DHCP in our environment. NAP components have been installed on a Win 2008 R2 enforcement server and NPS policies defined too. However, once I enable NAP on a DHCP scope, I can ping, view and use shares on the SEP remediation server, from our Win 7 clients. But, when I try running liveupdate on this same machine, it fails to contact to the server. And when I check the SEP client's connection status, it says 'Connected'.
What am I missing? Pls advise.
I'm currently testing NAP-DHCP in our environment. NAP components have been installed on a Win 2008 R2 enforcement server and NPS policies defined too. However, once I enable NAP on a DHCP scope, I can ping, view and use shares on the SEP remediation server, from our Win 7 clients. But, when I try running liveupdate on this same machine, it fails to contact to the server. And when I check the SEP client's connection status, it says 'Connected'.
What am I missing? Pls advise.
ASKER
@David,
Thanks for your feedback. The NAP setup has all components running, but the SEP liveupdate still fails to run successfully. I'm wondering if there's an additional component that needs to be installed for SEP definition-updates to run.
Thanks for your feedback. The NAP setup has all components running, but the SEP liveupdate still fails to run successfully. I'm wondering if there's an additional component that needs to be installed for SEP definition-updates to run.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I've requested that this question be deleted for the following reason:
Not enough information to confirm an answer.
Not enough information to confirm an answer.
ASKER
Hi,
Sorry for my long absence; I've been unavoidably offline for some time. Pls leave the question open; I'll log a more informed update after my checks in the coming days.
Sorry for my long absence; I've been unavoidably offline for some time. Pls leave the question open; I'll log a more informed update after my checks in the coming days.
netsh nap client show state
and also
napagent
NAP prevent communication between compliance clients with non-compliant clients, NAP don´t disconnect clients that's why you see the status connected.
What NAP does is to verify if the client is compliant with SHVs (System Health Validators) defined by your organization, when all the requirements are in place this clients can access to the Secure Network, Boundary Network and restricted Network.
When a client is non-compliant he just have access to a limited Network in this case a Restricted Network until he become compliant, he can check the remediation servers because NAP remediation servers can provide updates and services to noncompliant client computers. Depending on the design of your remediation network, and a remediation server can also be accessible by compliant computers.
I hope it helps.