When the System Health Validator point in Configuration Manager 2007 is not able to provide a health status to the Network Policy Server because of an error condition, it sends a Failure Category and code to the Network Policy Server. By default, these are matched to a non-compliant status, which is the more secure configuration than matching it a compliant status. However, failure categories can be configured for either compliant or non-compliant in the Configuration Manager System Health Validator properties in the Network Policy Server console.
If the error is on the client side, the System Health Validator point sends either a Client Component Failure Category or a Client Communication Failure Category. In the Configuration Manager System Health Validator properties on the Network Policy Server, these match to SHA not responding to NAP client and SHA unable to contact required services, respectively.
If the error is on the Network Policy Server side, the System Health Validator point sends either a Server Component Failure Category or a Server Communication Failure Category. In the Configuration Manager System Health Validator properties on the Network Policy Server, these match to SHV not responding and SHV unable to contact required services, respectively.
Any other errors including a compliance status of Unknown (for example, if the System Health Validator was unable to retrieve a system health reference for the client's site) match to the option SHA vendor specific error code received.
To change the default error mapping of Non-compliant to Compliant, use the following steps:
- Load the Network Policy Server console, and navigate to
Network Access Protection, and then expand System Health
Validators.
- Right-click Configuration Manager System Health
Validator, and then click Properties.
- Use the drop-down list against each of the follow error
conditions and configure them for compliant or non-compliant:
- SHV unable to contact required
services.
- SHA unable to contact required
services.
- SHA not responding to NAP Client.
- SHV not responding.
- SHA vendor specific error code
received.
- SHV unable to contact required
services.
- Click OK.