NAP client not capable at boot, becomes capable after more than 1 minute


Win2008R2, NAP-protected DHCP setup, NAP settings for Win7 clients pushed via GPO.

The client boots in "non NAP-capable" mode, then switches to "NAP capable" while at the logon screen, after more than 1 minute.

This excerpt from the NPS log shows the first RADIUS query for the first DHCPREQUEST the client generates after reboot; the second block is the first request having an SoH attached by the client. Note the timecodes. See the following post.

This delay allows the user to log in interactively (with cached credentials) despite not having an IP configured, or prevents the user from logging in if that has not been done, due to the DC not being reachable.

Please advise.

luigi



Adding log entries again:

<event> <timestamp data_type="4">05/02/2012 17:36:05.446</timestamp> <computer-name data_type="1">dhcpnps02</computer-name> <event-source data_type="1">ras</event-source> <service-type data_type="0">12</service-type> <ms-identity-type data_type="0">1</ms-identity-type> <nas-port-type data_type="0">15</nas-port-type> <ms-network-access-server-type data_type="0">3</ms-network-access-server-type> <called-station-id data_type="1">192.168.0.0</called-station-id> <ms-service-class data_type="2"> </ms-service-class> <calling-station-id data_type="1">00155ddcf016</calling-station-id> <ms-machine-name data_type="1">minint-devtest</ms-machine-name> <nas-identifier data_type="1">dhcpnps02</nas-identifier> <acct-session-id data_type="1">931711348</acct-session-id> <nas-ip-address data_type="3">192.168.0.237</nas-ip-address> <framed-ip-address data_type="3">192.168.0.12</framed-ip-address> <proxy-policy-name data_type="1">nap enforced dhcp</proxy-policy-name> <provider-type data_type="0">1</provider-type> <class data_type="1">311 1 fe80::188a:dfc9:d167:b33a 05/02/2012 12:28:09 137</class> <authentication-type data_type="0">7</authentication-type> <np-policy-name data_type="1">dhcp non nap-capable</np-policy-name> <quarantine-update-non-compliant data_type="0">1</quarantine-update-non-compliant> <packet-type data_type="0">1</packet-type> <reason-code data_type="0">0</reason-code> </event>

<event> <timestamp data_type="4">05/02/2012 17:36:05.446</timestamp> <computer-name data_type="1">dhcpnps02</computer-name> <event-source data_type="1">ras</event-source> <class data_type="1">311 1 fe80::188a:dfc9:d167:b33a 05/02/2012 12:28:09 137</class> <quarantine-update-non-compliant data_type="0">1</quarantine-update-non-compliant> <np-policy-name data_type="1">dhcp non nap-capable</np-policy-name> <acct-session-id data_type="1">931711348</acct-session-id> <authentication-type data_type="0">7</authentication-type> <proxy-policy-name data_type="1">nap enforced dhcp</proxy-policy-name> <provider-type data_type="0">1</provider-type> <packet-type data_type="0">3</packet-type> <reason-code data_type="0">65</reason-code> </event>

(...)

<event> <timestamp data_type="4">05/02/2012 17:37:18.080</timestamp> <computer-name data_type="1">dhcpnps02</computer-name> <event-source data_type="1">ras</event-source> <service-type data_type="0">12</service-type> <ms-identity-type data_type="0">1</ms-identity-type> <nas-port-type data_type="0">15</nas-port-type> <ms-network-access-server-type data_type="0">3</ms-network-access-server-type> <called-station-id data_type="1">192.168.0.0</called-station-id> <ms-service-class data_type="2"> </ms-service-class> <calling-station-id data_type="1">00155ddcf016</calling-station-id> <ms-machine-name data_type="1">minint-devtest</ms-machine-name> <nas-identifier data_type="1">dhcpnps02</nas-identifier> <acct-session-id data_type="1">1135103416</acct-session-id> <nas-ip-address data_type="3">192.168.0.237</nas-ip-address> <framed-ip-address data_type="3">192.168.0.12</framed-ip-address> <proxy-policy-name data_type="1">nap enforced dhcp</proxy-policy-name> <provider-type data_type="0">1</provider-type> <class data_type="1">311 1 fe80::188a:dfc9:d167:b33a 05/02/2012 12:28:09 145</class> <quarantine-session-id data_type="1">{1ae773bb-84e3-49db-a7ff-3551e07008a2} - 2012-05-02 15:37:06.791z</quarantine-session-id> <machine-inventory data_type="1">6.1.7600 0.0 x86 workstation</machine-inventory> <fully-qualified-machine-name data_type="1">devdom\minint-devtest$</fully-qualified-machine-name> <authentication-type data_type="0">7</authentication-type> <np-policy-name data_type="1">dhcp nap compliant</np-policy-name> <quarantine-update-non-compliant data_type="0">1</quarantine-update-non-compliant> <packet-type data_type="0">1</packet-type> <reason-code data_type="0">0</reason-code> </event>

<event> <timestamp data_type="4">05/02/2012 17:37:18.080</timestamp> <computer-name data_type="1">dhcpnps02</computer-name> <event-source data_type="1">ras</event-source> <class data_type="1">311 1 fe80::188a:dfc9:d167:b33a 05/02/2012 12:28:09 145</class> <ms-extended-quarantine-state data_type="0">0</ms-extended-quarantine-state> <ms-quarantine-state data_type="0">0</ms-quarantine-state> <service-type data_type="0">2</service-type> <framed-protocol data_type="0">1</framed-protocol> <quarantine-update-non-compliant data_type="0">1</quarantine-update-non-compliant> <acct-session-id data_type="1">1135103416</acct-session-id> <proxy-policy-name data_type="1">nap enforced dhcp</proxy-policy-name> <provider-type data_type="0">1</provider-type> <quarantine-session-id data_type="1">{1ae773bb-84e3-49db-a7ff-3551e07008a2} - 2012-05-02 15:37:06.791z</quarantine-session-id> <machine-inventory data_type="1">6.1.7600 0.0 x86 workstation</machine-inventory> <fully-qualified-machine-name data_type="1">devdom\minint-devtest$</fully-qualified-machine-name> <authentication-type data_type="0">7</authentication-type> <system-health-result data_type="1">windows security health validator:compliant:no data:none[]:(0x0 - ):(0x0 - ):(0x0 - ):(0x0 - ):(0x0 - ):(0x0 - ):(0x0 - ):(0x0 - )</system-health-result> <system-health-resultex data_type="1"> <shv-name data_type="1">windows security health validator</shv-name> <config-id data_type="0">0</config-id> <config-friendly-name data_type="1"> </config-friendly-name> <health-result data_type="1">compliant</health-result> <extended-isolation-state data_type="1">no data</extended-isolation-state> <failure-category data_type="1">none</failure-category> <failure-category-string data_type="1"> </failure-category-string> <compliance-results data_type="1"> </compliance-results> </system-health-resultex> <np-policy-name data_type="1">dhcp nap compliant</np-policy-name> <packet-type data_type="0">2</packet-type> <reason-code data_type="0">0</reason-code> </event>
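
Added example, not part of the original post: a Python sketch that measures, per client MAC, the gap between the first DHCP request logged without a SoH and the first one that carries a SoH, which is the delay described above. It assumes the element names as they appear in the post, treats the presence of quarantine-session-id as the sign that a SoH was attached, and uses hypothetical function names; the sample log is constructed from the post's values plus one made-up client.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

# Constructed sample: trimmed Access-Request events (packet-type 1) reusing
# field names and values from the post; client 001122334455 is made up.
SAMPLE_LOG = """
<event><timestamp data_type="4">05/02/2012 17:36:05.446</timestamp>
<calling-station-id data_type="1">00155ddcf016</calling-station-id>
<packet-type data_type="0">1</packet-type></event>
<event><timestamp data_type="4">05/02/2012 17:37:18.080</timestamp>
<calling-station-id data_type="1">00155ddcf016</calling-station-id>
<quarantine-session-id data_type="1">{1ae773bb-84e3-49db-a7ff-3551e07008a2} - 2012-05-02 15:37:06.791z</quarantine-session-id>
<packet-type data_type="0">1</packet-type></event>
<event><timestamp data_type="4">05/02/2012 17:40:00.000</timestamp>
<calling-station-id data_type="1">001122334455</calling-station-id>
<packet-type data_type="0">1</packet-type></event>
"""
TS_FORMAT = "%m/%d/%Y %H:%M:%S.%f"


def soh_delays(log_text):
    """Per client MAC: seconds from its first request without a SoH to the
    next request that carries one, or None if no SoH request follows."""
    # The log is a bare run of <event> elements, so wrap it in one root.
    root = ET.fromstring("<log>" + log_text + "</log>")
    requests = []
    for ev in root.iter("event"):
        if (ev.findtext("packet-type") or "").strip() != "1":
            continue  # keep Access-Request events only, skip the replies
        stamp = ev.findtext("timestamp")
        mac = (ev.findtext("calling-station-id") or "").strip()
        if not stamp or not mac:
            continue
        # Assumption: a quarantine-session-id means a SoH was attached.
        has_soh = ev.find("quarantine-session-id") is not None
        requests.append((datetime.strptime(stamp.strip(), TS_FORMAT), mac, has_soh))
    first_plain, first_soh = {}, {}
    for ts, mac, has_soh in sorted(requests):
        if not has_soh:
            first_plain.setdefault(mac, ts)
        elif mac in first_plain:
            first_soh.setdefault(mac, ts)
    return {mac: (first_soh[mac] - t0).total_seconds() if mac in first_soh else None
            for mac, t0 in first_plain.items()}


def slow_clients(log_text, limit_seconds=60):
    """MACs that never sent a SoH or took longer than limit_seconds."""
    return sorted(m for m, d in soh_delays(log_text).items()
                  if d is None or d > limit_seconds)
```
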


