3.2.5.2.1 Receiving a DHCPREQUEST Message for New Lease Acquisition

If the DHCPREQUEST contains a user class option with value "MSFT Quarantine" (see [MS-DHCPM] section 3.1.1.8), that request is considered exempt from quarantine, no further NAP processing is performed on the message, and it is processed per [MS-DHCPE] section 3.2.5.

Otherwise, the NAP-SoH (section 2.2.1.1) and NAP-CoID (section 2.2.1.3) options are extracted from the message packet by calling DhcpExtractVendorSpecificOption ([MS-DHCPE] section 3.2.7.3). If the message from the client contained the SoH token in a NAP-SoH (section 2.2.1.1) option, a DHCP server that is NAP-enabled (determined per section 1.4 points 1 and 2) SHOULD extract the SoH token sent by the DHCP client in the message, pass it to the health policy server for validation and include the SoH-Response received from the health policy server in response to the client in the NAP-SoH option in the DHCPACK message, and initialize the Health Check Timeout timer to 2 seconds. The NAP-SoH (section 2.2.1.1) is appended to the DHCPACK message packet by calling DhcpAppendVendorSpecificOption ([MS-DHCPE] section 3.2.7.1). The SoH-Response can contain information as to whether the client has normal access to the network or whether the client has been quarantined, as specified in [TNC-IF-TNCCSPBSoH].