Event ID 40 — HRA Discovery

Applies To: Windows Server 2008 R2

To use NAP with the IPsec enforcement method, client computers must be configured with trusted server group settings. Trusted server groups provide a list of Health Registration Authority (HRA) servers that NAP clients use when they request a health certificate. There are three methods available to configure trusted server groups on the NAP client:

  1. Local computer settings. You can use the NAP client configuration console or command line to configure NAP settings on the local computer. If NAP client settings are configured in Group Policy, the local computer NAP client settings will be ignored.
  2. Group Policy settings. You can use the Group Policy Management Console (GPMC) on a computer with the Group Policy Management feature installed to configure NAP client settings in Group Policy.
  3. HRA autodiscovery. You can configure NAP clients to automatically discover HRA servers. To enable HRA autodiscovery, you must configure NAP client registry settings and DNS service (SRV) records. In addition, you must clear the local computer or Group Policy trusted server group settings.

Note: If the client computer is not using the NAP IPsec enforcement method, you can disable HRA autodiscovery.

Event Details

Product: Windows Operating System
ID: 40
Source: Microsoft-Windows-NetworkAccessProtection
Version: 6.1
Message: The Network Access Protection Agent has dynamically discovered the following HRAs for this network (using the query %1):
The DNS servers in your configuration at the time this discovery took place included:


This is a normal condition. No further action is required.
