Configured an Enterprise CA which issues certificates for Direct Access clients and health certificates. The Enterprise CA, HRA and NPS roles are configured on one server (Server 2008 R2 Standard); Direct Access is configured on a separate 2012 server.
Sidenote: certificates for Direct Access are being issued by the same CA, and there are no issues accessing the network using Direct Access.
According to the Network Policy and Access server, the client is granted full access because it met the configured health policies.
I searched and tried several solutions, but I'm confused: in the client event log an HRA error appears, while in the Network Policy and Access Services log on the server itself there's no HRA error.
NPS configuration
1 connection request policy named: NAP IPsec with HRA
2 network policies named: NAP IPsec with HRA Compliant
NAP IPsec with HRA Noncompliant
Connection and network policies are configured as (Type of network access server): Health Registration Authority
CA configuration
Added the Network Service account to the security of the CA; permissions are: Issue and Manage Certificates / Request Certificates / Read / Manage CA (gave it all the permissions for testing purposes).
certificate template configuration
Issued a template named Health authentication Direct Access Clients. The Network Service account has Read/Enroll/Autoenroll permissions for this template. Application policy extensions: Client Authentication and System Health Authentication.
HRA configuration
Added the CA to the HRA.
Server eventlog
Network Policy Server granted full access to a user because the host met the defined health policy.
User:
Security ID:NULL SID
Account Name:-
Account Domain:-
Fully Qualified Account Name:-
Client Machine:
Security ID:Domain\computername
Account Name:computername.domain.local
Fully Qualified Account Name:Domain\computername$
OS-Version:6.1.7601 1.0 x64 Workstation
Called Station Identifier:-
Calling Station Identifier:-
NAS:
NAS IPv4 Address:Ipadres
NAS IPv6 Address:-
NAS Identifier:server.domain.local
NAS Port-Type:Ethernet
NAS Port:-
RADIUS Client:
Client Friendly Name:-
Client IP Address:-
Authentication Details:
Connection Request Policy Name:NAP IPsec with HRA
Network Policy Name:NAP IPsec with HRA Compliant
Authentication Provider:Windows
Authentication Server:server.domain.local
Authentication Type:Unauthenticated
EAP Type:-
Account Session Identifier:SESSION IDENTIFIER
Quarantine Information:
Result:Full Access
Extended-Result:-
Session Identifier:SESSION IDENTIFIER
Help URL:-
System Health Validator Result(s):
Windows Security Health Validator
Client eventlog
The Network Access Protection Agent failed to acquire a certificate for the request with the correlation-id {AD43EFEA-A663-4EE8-BCF7-28699DFC9AAC} - 2013-10-23 12:21:01.726Z from https://CASERVER.DOMAIN.LOCAL/DomainHRA/HCSRVEXT.DLL.
The request failed with the error code (500). This server will not be tried again for 10 minutes.
Contact the HRA administrator for more information.
The strange thing is, I don't see any failed request on the CA, nor any failed request with the same correlation-id in the Network Policy and Access Services event log, which tells me that the client didn't connect to the HRA. If I try to open the URL https://CASERVER.DOMAIN.LOCAL/DomainHRA/HCSRVEXT.DLL, a popup appears asking me for a username and password. If I enter the password, another page opens with internal error 500. No SSL errors.
(Auditing is enabled; checked it with the auditpol command.)
Show config output
NAP client configuration (group policy):
----------------------------------------------------
NAP client configuration:
----------------------------------------------------
Cryptographic service provider (CSP) = Microsoft RSA SChannel Cryptographic Provider, keylength = 2048
Hash algorithm = sha1RSA (1.3.14.3.2.29)
Enforcement clients:
----------------------------------------------------
Name = DHCP Quarantine Enforcement Client
ID = 79617
Admin = Disabled
Name = IPsec Relying Party
ID = 79619
Admin = Enabled
Name = RD Gateway Quarantine Enforcement Client
ID = 79621
Admin = Disabled
Name = EAP Quarantine Enforcement Client
ID = 79623
Admin = Disabled
Client tracing:
----------------------------------------------------
State = Disabled
Level = Disabled
Trusted server group configuration:
----------------------------------------------------
Group = HRA
Require Https = Disabled
URL = http://CA.DOMAIN.LOCAL/DomainHRA/HCSRVEXT.DLL
Processing order = 1
Group = HRA
Require Https = Disabled
URL = https://CA.DOMAIN.LOCAL/DomainHRA/HCSRVEXT.DLL
Processing order = 2
Ok.
Show state output
Client state:
----------------------------------------------------
Name = Network Access Protection Client
Description = Microsoft Network Access Protection Client
Protocol version = 1.0
Status = Enabled
Restriction state = Not restricted
Troubleshooting URL =
Restriction start time =
Extended state =
GroupPolicy = Configured
Enforcement client state:
----------------------------------------------------
Id = 79617
Name = DHCP Quarantine Enforcement Client
Description = Provides DHCP based enforcement for NAP
Version = 1.0
Vendor name = Microsoft Corporation
Registration date =
Initialized = No
Id = 79619
Name = IPsec Relying Party
Description = Provides IPsec based enforcement for Network Access Protection
Version = 1.0
Vendor name = Microsoft Corporation
Registration date =
Initialized = Yes
Id = 79621
Name = RD Gateway Quarantine Enforcement Client
Description = Provides RD Gateway enforcement for NAP
Version = 1.0
Vendor name = Microsoft Corporation
Registration date =
Initialized = No
Id = 79623
Name = EAP Quarantine Enforcement Client
Description = Provides Network Access Protection enforcement for EAP authenticated network connections, such as those used with 802.1X and VPN technologies.
Version = 1.0
Vendor name = Microsoft Corporation
Registration date =
Initialized = No
System health agent (SHA) state:
----------------------------------------------------
Id = 79744
Name = Windows Security Health Agent
Description = The Windows Security Health Agent monitors security settings on your computer.
Version = 1.0
Vendor name = Microsoft Corporation
Registration date =
Initialized = Yes
Failure category = None
Remediation state = Success
Remediation percentage = 0
Fixup Message = (3237937214) - The Windows Security Health Agent has finished updating the security state of this computer.
Compliance results =
Remediation results =
Ok.
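As an added example (not part of the original post), a small Python parser for the trusted server group section of the "show config" output quoted above. It assumes the "Key = Value" layout shown in that output and flags entries that would let the NAP agent contact the HRA over plain HTTP, which is exactly the state the quoted config is in (Require Https = Disabled, plus an http:// URL in processing order 1).

```python
"""Parse the trusted server group section of 'netsh nap client show config'
output and flag HRA entries that allow plain-HTTP health certificate requests."""
from urllib.parse import urlparse

# Constructed sample: copied from the trusted server group section quoted in the post.
SAMPLE = """\
Trusted server group configuration:
----------------------------------------------------
Group = HRA
Require Https = Disabled
URL = http://CA.DOMAIN.LOCAL/DomainHRA/HCSRVEXT.DLL
Processing order = 1
Group = HRA
Require Https = Disabled
URL = https://CA.DOMAIN.LOCAL/DomainHRA/HCSRVEXT.DLL
Processing order = 2
Ok.
"""

def parse_trusted_servers(text):
    """Return one dict per trusted HRA entry (keys lower-cased, spaces -> underscores)."""
    entries, current, in_section = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith(":"):                      # a section header such as "Client tracing:"
            in_section = line.startswith("Trusted server group")
            continue
        if not in_section or "=" not in line:       # skips the dashed rule and "Ok."
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        if key == "Group":                          # each entry begins with its group name
            current = {"group": value}
            entries.append(current)
        elif current is not None:
            current[key.lower().replace(" ", "_")] = value
    return entries

def audit_trusted_servers(entries):
    """Return (url, reason) pairs for entries the agent may reach without TLS."""
    findings = []
    for entry in entries:
        url = entry.get("url", "")
        if urlparse(url).scheme.lower() != "https":
            findings.append((url, "URL is not https"))
        if entry.get("require_https", "").lower() != "enabled":
            findings.append((url, "Require Https is disabled"))
    return findings

if __name__ == "__main__":
    for url, reason in audit_trusted_servers(parse_trusted_servers(SAMPLE)):
        print(f"{reason}: {url}")
```

Run it against the saved output of the show config command on the client; the first entry in the sample produces two findings and the second one, so fixing the config means enabling Require Https and dropping the http:// entry.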