Event ID 20212 — VPN NAP Enforcement Client Configuration

Applies To: Windows Server 2008 R2

A Network Access Protection (NAP) enforcement client is responsible for requesting access to a network, communicating a client computer's health status to the NAP server that is authorizing the network access, and communicating the connection status of the client computer to other components of the NAP client architecture. A NAP-capable client is a computer that has the NAP components installed and can verify its health state by sending a statement of health (SoH) to NPS.

The remote access enforcement client enforces health policies when a client computer attempts to gain access to the network through a virtual private network (VPN) connection.

Event Details

Product: Windows Operating System
ID: 20212
Source: RasMan
Version: 6.1
Message: The request sent to the Network Access Protection Agent (NAPAgent) failed. Some network services or resources might not be available. If the problem persists, disconnect and retry the remote access connection or contact the administrator for the remote access.


Fix VPN NAP enforcement client message processing


A request from the VPN NAP enforcement client to the NAP Agent for the latest SoH or a request to process a response received from the RAS server failed. The following are some of the possible causes of the problem:

  • The NAP Agent service might be disabled or not running. For more information, see the "Check NAP Agent service" section.
  • There might be problems with the NAP Agent. Check the Windows event log for errors or failures related to NAP Agent.

Check the NAP Agent service

To check the status of the NAP Agent service:

  1. Open Control Panel, and click System and Maintenance.
  2. Click Administrative Tools.
  3. Double-click Services. The Services console displays the list of services and their status (started or stopped). Check if the NAP Agent service is started and running.
  4. If the NAP Agent service is not already running, right-click the service, and select Start. Administrative credentials are required to start the service through the Services console.

Note:   Contact the network administrator to find out the Start Type before starting the service.


To verify that the remote access server can accept connections, establish a remote access connection from a client computer.

To create a VPN connection:

  1. Click Start, and then click Control Panel.
  2. Click Network and Internet, click Network and Sharing Center, and then click Set up a connection or network.
  3. Click Connect to a workplace, and then click Next.
  4. Complete the steps in the Connect to a Workplace wizard.

To connect to a remote access server:

  1. In Network and Sharing Center, click Manage network connections.
  2. Double-click the VPN connection, and then click Connect.
  3. Verify that the connection was established successfully.

VPN NAP Enforcement Client Configuration

Routing and Remote Access Service Infrastructure