02-04-2013 06:45 PM
First time poster. I am relatively new to Clearpass and Aruba products in general, so forgive me if I have overlooked something obvious. I wasn't able to find an answer within the documentation or forums.
I am attempting to configure a Clearpass posture check using the built-in MS-NAP agent in Windows. My client is running Windows 7 SP1, and I have started the NAP service on the client. However, when I attempt to authenticate, I am still met with a posture token of UNKNOWN, and if I dig into the Computed Attributes, I see that "Authentication:Posture" reads "Not-Capable" (see attached image). I even went to double verify that the NAP agent is running, so I'm not sure what else needs to be done. Is there additional configuration that needs to also be done on Active Directory? I figured Clearpass took the place of Windows Server as the NAP "authenticator" or what have you, so I didn't think anything else is needed on that end.
My rules are simple: Passes all SHV checks = HEALTHY, Fails one or more SHV checks: QUARANTINE. Default policy is UNKNOWN.
Any advice or knowledge sharing is appreciated.
02-04-2013 09:52 PM
Have you got "Enforce Network Access Protection" enabled for the network connection in Windows?
(This was previously called "Enable Quarantine checks" in older versions of Windows.)
Without this it seems that Windows won't send a statement-of-health which is probably why you are seeing Not-Capable.
02-05-2013 11:13 AM
Thanks for the suggestion Dave, I did not know it needed to also be enabled for the SSID profile. However this did not do the trick; I still get "Not-Capable" in Access Tracker.
And I did go in and make sure to start my NAP service when I turned on the computer today.
Any other suggestions?