Event ID 2 — Local Request Processing
Applies To: Windows Server 2008
Health Registration Authority (HRA) uses a HTTP/HTTPS interface to read and process Network Access Protection (NAP) client health certificate requests. This interface can be configured with custom settings, called request policy, that require NAP client computers to use specified security methods when communicating with HRA.
By default, HRA is configured to allow client computers to use any of the available request policy methods. You can also specify custom settings. If you configure a custom request policy on HRA, you must ensure that NAP clients use these security methods to request health certificates.
Event Details
Product: | Windows Operating System |
ID: | 2 |
Source: | HRA |
Version: | 6.0 |
Symbolic Name: | HRA_ERROR_READING_REQUEST |
Message: | The Health Registration Authority was unable to read the request from the host at %1. See the Health Registration Authority administrator for more information. |
Resolve
Configure HTTP UserAgent
This error condition indicates that a client computer is using a HTTP client user agent that is not allowed by HRA. Confirm that the NAP client computer is using a HTTP user agent allowed by HRA. If client computers are not able to acquire health certificates when specific user agents are required by HRA, then reset the HRA client user agent configuration to allow the use of any agent.
To perform this procedure, you must be a member of the Administrators group, or you must have been delegated the appropriate authority.
Check allowed user agents
To review the HTTP client user agents allowed by HRA:
- On the computer where HRA is installed, click Start.
- Right-click Command Prompt, and then click Run as Administrator.
- In the command window, type netsh nap hra show configuration, and then press ENTER.
- Under Allowed HTTP client user agents, review the list of user agents. If this section is not displayed, then any HTTP client user agent is allowed.
Configure allowed user agents
To configure HRA to allow the use of any HTTP client user agent:
- On the computer where HRA is installed, click Start.
- Right-click Command Prompt, and then click Run as Administrator.
- In the command window, type netsh nap hra reset useragent, and then press ENTER.
- Confirm that the command completed successfully.
Verify
To perform this procedure, you must be a member of the Administrators group, or you must have been delegated the appropriate authority.
To verify that the HRA service is configured to process client certificate requests:
- On a NAP client computer that is configured to use the current HRA, open a command prompt.
- In the command window, type netsh nap client show configuration, and then press ENTER.
- In the command output, under NAP client configuration, record the values next to Cryptographic service provider (CSP) and Hash algorithm.
- On the computer where HRA is installed, click Start, and then click Command Prompt.
- In the command window, type netsh nap hra show configuration, and then press ENTER.
- In the command output, verify that the following sections are not displayed, or that their values are compatible with the client settings recorded in step 3:
- Allowed cryptographic service providers (CSPs)
- Allowed hash algorithms
- Allowed asymmetric key algorithms
- Allowed HTTP client user agents
- If these sections are not displayed in the command output, then HRA is configured to allow the use of any available client cryptographic and transport policy settings.