NPS server running Win 2012 R2.
I am testing wired 802.1x policies in a test lab. Switch has been configured accordingly and client authentication works perfectly when using domain membership (via 'Domain Computers' group) as the condition.
The problem I have is if I try to extend the condition to include or even solely contain a health policy. It doesn't matter what the health policy conditions are (check that Windows Firewall or antivirus is on, etc.), but an authenticating wired client never works.
The NPS server event log shows the client was denied access and what is strange is the network policy mentioned in the event log is not the policy containing the compliant or non-compliant health policies. It's actually a separate network policy used for an 802.1x wireless implementation. So it seems the NPS server skips past the wired network access policies when a health policy is used within them.
I have the Network Access Policy agent running on the client, the EAP enforcement client is enabled on the client, and the 802.1x authentication settings are valid on the client. I have been through many online 802.1x setup guides and I am sure every setting has been configured and nothing has been missed.
This issue applies to both Windows 7 and Windows Vista clients.
Do you have any suggestions on what may be causing this problem?