The health state of an incoming virtual private network (VPN) connection may appear to be incorrect in the Routing and Remote Access snap-in on a Windows Server 2008-based computer.
Back to the top
You may experience this issue in several scenarios. The following sample scenarios may help you identify the issue.
Back to the top
Scenario 1
| • | You are using a non-Network Access Protection (NAP) connection to connect to a Windows Server 2008-based Routing and Remote Access server from a client computer. |
| • | You are using Remote Access Quarantine service filters. |
In this scenario, the status of the Routing and Remote Access client may be displayed incorrectly.
Back to the top
Scenario 2
| • | You are using non-Protected Extensible Authentication Protocol (PEAP) authentication to connect to the Windows Server 2008-based Routing and Remote Access server. |
| • | You are using Network Policy Server (NPS) together with legacy Remote Access Quarantine service filters. |
In this scenario, you expect the status of the Routing and Remote Access client to appear as
Quarantine or as
Restricted on the Windows Server 2008-based computer. Instead, the status of the client appears as
Not NAP Capable.
If you use the
netsh command to see the status, the status appears as "Unknown."
Back to the top
Scenario 3
| • | You are using PEAP authentication to connect to the Windows Server 2008-based Routing and Remote Access server. |
| • | On the client computer, you configure the incoming connection to match the NAP health policy.
|
| • | The Remote Access Quarantine service is running on the Windows Server 2008-based computer. |
In this scenario, the status of the Routing and Remote Access client may appear as
Unrestricted on the Windows Server 2008-based computer.
Back to the top
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Back to the top
