Problem:
When trying to activate the configuration on a UAG server, you might find that the activation failed and you can see the following error messages in the status window:
Error: Applying Network Access Protection configuration failed.
Error: The UAG DirectAccess configuration cannot be activated
Error: DirectAccess could not be activated.
This ironically happens even when Network Access Protection (NAP) is not in use at all. We tested it even with DirectAccess disabled.
Cause:
The reason is that the Health Registration Authority (HRA) sub role under Network Policy Server role is not installed. Under the hood, UAG tries to run the following command routinely as part of the activation process:
netsh nap hra reset caserver
This command resets the HRA settings, but since the HRA sub-role does not exist, NETSH returns an error and UAG activation fails. In the BIT tracing you can see the following line which illustrates that the command could not be executed at all
[2]0B88.0BE8::03/11/2011-18:59:06.579 [DA.ConfigAgent]Command [nap hra reset caserver] failed to execute.
The root cause can be easily seen by opening the Server Manager console on the UAG Server:
Solution:
Install the Health Registration Authority role from the server manager and re-actiavte the configuration
In some cases, you may need to complete remove the NAP role and re-add it. If you aren't able to get this fixed, please contact nAppliance support team at support@nappliance.com
Content courtesy - nAppliance Support Team