Client Computer Failed to Acquire a Certificate

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

This problem occurs in a deployment of Network Access Protection (NAP) with Internet Protocol security (IPsec) enforcement and can be caused by a variety of issues, including:

  • There is a configuration problem on Network Policy Server (NPS).

  • There is a configuration problem on Health Registration Authority (HRA).

  • There is a configuration problem on the NAP certification authority (CA).

  • There is a configuration problem on the NAP client computer.

Description of system behavior

The network access of IPsec-enabled NAP client computers that are unable to acquire a health certificate will be restricted if NAP IPsec policies are enforced.

Associated operating system events

  • NAP client event ID 21: The Network Access Protection Agent failed to acquire a certificate for the request with the correlation-id %2 from %1. The request failed with the error code (%3). This server will not be tried again for %4 minutes. See the HRA administrator for more information.

Root cause diagnosis and resolution

Due to the number of problems that can cause this issue, isolation can be difficult. To troubleshoot this problem, use the events that you observe on the HRA server and the HRA events table provided in the Tools for Troubleshooting NAP topic. In addition, you can use the error code that is provided with event ID 21 to help determine the root cause. For example, an error code of 500 indicates that there is a server-side configuration problem; an error code of 2147954575 indicates a Secure Sockets Layer (SSL) problem. These codes are derived from WinHttp status codes and error codes.

The following table lists the error codes and their associated status or error value.

Error code

Status or Value

100

HTTP_STATUS_CONTINUE

101

HTTP_STATUS_SWITCH_PROTOCOLS

200

HTTP_STATUS_OK

201

HTTP_STATUS_CREATED

202

HTTP_STATUS_ACCEPTED

203

HTTP_STATUS_PARTIAL

204

HTTP_STATUS_NO_CONTENT

205

HTTP_STATUS_RESET_CONTENT

206

HTTP_STATUS_PARTIAL_CONTENT

207

HTTP_STATUS_WEBDAV_MULTI_STATUS

300

HTTP_STATUS_AMBIGUOUS

301

HTTP_STATUS_MOVED

302

HTTP_STATUS_REDIRECT

303

HTTP_STATUS_REDIRECT_METHOD

304

HTTP_STATUS_NOT_MODIFIED

305

HTTP_STATUS_USE_PROXY

307

HTTP_STATUS_REDIRECT_KEEP_VERB

400

HTTP_STATUS_BAD_REQUEST

401

HTTP_STATUS_DENIED

402

HTTP_STATUS_PAYMENT_REQ

403

HTTP_STATUS_FORBIDDEN

404

HTTP_STATUS_NOT_FOUND

405

HTTP_STATUS_BAD_METHOD

406

HTTP_STATUS_NONE_ACCEPTABLE

407

HTTP_STATUS_PROXY_AUTH_REQ

408

HTTP_STATUS_REQUEST_TIMEOUT

409

HTTP_STATUS_CONFLICT

410

HTTP_STATUS_GONE

411

HTTP_STATUS_LENGTH_REQUIRED

412

HTTP_STATUS_PRECOND_FAILED

413

HTTP_STATUS_REQUEST_TOO_LARGE

414

HTTP_STATUS_URI_TOO_LONG

415

HTTP_STATUS_UNSUPPORTED_MEDIA

449

HTTP_STATUS_RETRY_WITH

500

HTTP_STATUS_SERVER_ERROR

501

HTTP_STATUS_NOT_SUPPORTED

502

HTTP_STATUS_BAD_GATEWAY

503

HTTP_STATUS_SERVICE_UNAVAIL

504

HTTP_STATUS_GATEWAY_TIMEOUT

505

HTTP_STATUS_VERSION_NOT_SUP

2147954401

ERROR_WINHTTP_OUT_OF_HANDLES

2147954402

ERROR_WINHTTP_TIMEOUT

2147954404

ERROR_WINHTTP_INTERNAL_ERROR

2147954405

ERROR_WINHTTP_INVALID_URL

2147954406

ERROR_WINHTTP_UNRECOGNIZED_SCHEME

2147954407

ERROR_WINHTTP_NAME_NOT_RESOLVED

2147954409

ERROR_WINHTTP_INVALID_OPTION

2147954411

ERROR_WINHTTP_OPTION_NOT_SETTABLE

2147954412

ERROR_WINHTTP_SHUTDOWN

2147954415

ERROR_WINHTTP_LOGIN_FAILURE

2147954417

ERROR_WINHTTP_OPERATION_CANCELLED

2147954418

ERROR_WINHTTP_INCORRECT_HANDLE_TYPE

2147954419

ERROR_WINHTTP_INCORRECT_HANDLE_STATE

2147954429

ERROR_WINHTTP_CANNOT_CONNECT

2147954430

ERROR_WINHTTP_CONNECTION_ERROR

2147954432

ERROR_WINHTTP_RESEND_REQUEST

2147954437

ERROR_WINHTTP_SECURE_CERT_DATE_INVALID

2147954438

ERROR_WINHTTP_SECURE_CERT_CN_INVALID

2147954444

ERROR_WINHTTP_CLIENT_AUTH_CERT_NEEDED

2147954445

ERROR_WINHTTP_SECURE_INVALID_CA

2147954457

ERROR_WINHTTP_SECURE_CERT_REV_FAILED

2147954500

ERROR_WINHTTP_CANNOT_CALL_BEFORE_OPEN

2147954501

ERROR_WINHTTP_CANNOT_CALL_BEFORE_SEND

2147954502

ERROR_WINHTTP_CANNOT_CALL_AFTER_SEND

2147954503

ERROR_WINHTTP_CANNOT_CALL_AFTER_OPEN

2147954550

ERROR_WINHTTP_HEADER_NOT_FOUND

2147954552

ERROR_WINHTTP_INVALID_SERVER_RESPONSE

2147954553

ERROR_WINHTTP_INVALID_HEADER

2147954554

ERROR_WINHTTP_INVALID_QUERY_REQUEST

2147954555

ERROR_WINHTTP_HEADER_ALREADY_EXISTS

2147954556

ERROR_WINHTTP_REDIRECT_FAILED

2147954557

ERROR_WINHTTP_SECURE_CHANNEL_ERROR

2147954566

ERROR_WINHTTP_BAD_AUTO_PROXY_SCRIPT

2147954567

ERROR_WINHTTP_UNABLE_TO_DOWNLOAD_SCRIPT

2147954569

ERROR_WINHTTP_SECURE_INVALID_CERT

2147954570

ERROR_WINHTTP_SECURE_CERT_REVOKED

2147954572

ERROR_WINHTTP_NOT_INITIALIZED

2147954575

ERROR_WINHTTP_SECURE_FAILURE

2147954578

ERROR_WINHTTP_AUTO_PROXY_SERVICE_ERROR

2147954579

ERROR_WINHTTP_SECURE_CERT_WRONG_USAGE

2147954580

ERROR_WINHTTP_AUTODETECTION_FAILED

2147954581

ERROR_WINHTTP_HEADER_COUNT_EXCEEDED

2147954582

ERROR_WINHTTP_HEADER_SIZE_OVERFLOW

2147954583

ERROR_WINHTTP_CHUNKED_ENCODING_HEADER_SIZE_OVERFLOW

2147954584

ERROR_WINHTTP_RESPONSE_DRAIN_OVERFLOW

2147954585

ERROR_WINHTTP_CLIENT_CERT_NO_PRIVATE_KEY

2147954586

ERROR_WINHTTP_CLIENT_CERT_NO_ACCESS_PRIVATE_KEY

2147954586

WINHTTP_ERROR_LAST