Configure Trusted Server Groups for NAP Clients
Applies To: Windows Server 2008, Windows Server 2012
You can use the NAP Client Configuration snap-in to specify the health registration authority (HRA) servers that a client computer uses to obtain a health certificate. To do this you must create a trusted server group, which is an ordered list of one or more HRA servers. If there is more than one HRA server listed in a trusted server group, a client computer attempts to contact each HRA server in the order specified until an available server is found.
You must configure a trusted server group only if you are using the Internet Protocol security (IPsec) enforcement client to enforce health policies. The IPsec enforcement client relies on health certificates and HRA servers to enforce health policies.
You do not need to configure trusted server groups if you are using the Dynamic Host Configuration Protocol (DHCP) enforcement client, the Extensible Authentication Protocol (EAP) enforcement client, or the remote access enforcement client.