Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Why Does SEP LiveUpdate Fail on a Non-Compliant NAP-DHCP Client?

Posted on 2014-07-31
6
Medium Priority
?
291 Views
Last Modified: 2014-08-28
Hi,

I'm currently testing NAP-DHCP in our environment. NAP components have been installed on a Win 2008 R2 enforcement server and NPS policies defined too. However, once I enable NAP on a DHCP scope, I can ping, view and use shares on the SEP remediation server, from our Win 7 clients. But, when I try running liveupdate on this same machine, it fails to contact to the server. And when I check the SEP client's connection status, it says 'Connected'.

What am I missing? Pls advise.
0
Comment
Question by:U-g-o
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
6 Comments
 
LVL 12

Expert Comment

by:David Paris Vicente
ID: 40233898
You can see the napagent status on the machine and check what is being enforced through this command.
netsh nap client show state
and also
napagent

NAP prevent communication between compliance clients with non-compliant clients, NAP don´t disconnect clients that's why you see the status connected.

What NAP does is to verify if the client is compliant with SHVs (System Health Validators) defined by your organization, when all the requirements are in place this clients can access to the Secure Network, Boundary Network and restricted Network.

When a client is non-compliant he just have access to a limited Network in this case a Restricted Network until he become compliant, he can check the remediation servers because NAP remediation servers can provide updates and services to noncompliant client computers. Depending on the design of your remediation network, and a remediation server can also be accessible by compliant computers.

I hope it helps.
0
 

Author Comment

by:U-g-o
ID: 40236007
@David,

Thanks for your feedback. The NAP setup has all components running, but the SEP liveupdate still fails to run successfully. I'm wondering if there's an additional component that needs to be installed for SEP definition-updates to run.
0
 
LVL 12

Accepted Solution

by:
David Paris Vicente earned 1500 total points
ID: 40236149
Hi U-g-o,

probably it´s because SEP is not integrated with NAP. SEP has its own NAP Enforcement called SNAC.

You could check this Question posted here in EE they explain very well the concepts.

Let us know if helped.

Regards
0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 40281927
I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
0
 

Author Comment

by:U-g-o
ID: 40281928
Hi,

Sorry for my long absence; I've been unavoidably offline for some time. Pls leave the question open; I'll log a more informed update after my checks in the coming days.
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hey fellow admins! This time, I have a little fairy tale for you. As many tales do, it starts boring and then gets pretty gory. I hope you like it. TL;DR: It is about an important security matter, you should read it if you run or administer Windows …
IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
This Micro Tutorial will give you a basic overview of Windows Live Photo Gallery and show you various editing filters and touches to photos you can apply. This will be demonstrated using Windows Live Photo Gallery on Windows 7 operating system.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question