No announcement yet.

Network Access protection in Windows 2008 SP2 not working as expected

  • Filter
  • Time
  • Show
Clear All
new posts

  • Network Access protection in Windows 2008 SP2 not working as expected

    Dear Experts,
    We are using Network policy server for assigning IP address to different VLAN using Windows 2008 DHCP server based on user groups. We have our Wi-Fi controller setup for 802.1x authentication and NPS as RADIUS. Now we need to enable Network Access Protection in same setup. The NPS have enterprise CA and DHCP on same box. So we configured NAP with wirelless enforcement as follows:
    • EAP Qurantine NAP enforcement clients enabled
    • NAP Agent service set to automatic
    • Wired Autoconfig service set to automatic
    • Security Center user interface enabled
    • Wifi policy for Windows XP and VISTA configured in GPO with PEAP access and to trust NPS server
    After these settings are configured in the GPO and linked to NPS OU. We have created a global security group and added the computer name to same on which we want to enable NAP. Then NAP was configured using wizard on NPS for wireless network as follows:
    1. Wi-Fi controller added as RADIUS client
    2. 2 VLAN configured for COMPLIANT and NON_COMPLIANT client
    3. Non NAP capable system denied access to networks
    4. New test user created to validate NAP
    5. Same user added in productiuon group so that it can take production VLAN IP through DHCP if compliant
    We are facing below issues:
    1. On windows 7 32-bit, system is behaving properly but didnt display any NAP messeage in action center, e.g. if compliant it takes prodction IP but if we disable antivirus then goes out of production network and takes non compliant VLAN
    2. On Windows XP, even after disabling firewall, antivirus, it still remians in prodcution VLAN. Even command "netsh nap client show grouppolicy" and netsh nap client show state" shows correct output but nothing happens for NAP, no message, no error
    3. On windows 7 64-bit, even group policy setting are not getting deployed. Can anyone see what can be wrong?
    Please help!!! also recommend if the way we are doing isw correct.
    thanks in advance......