Hi all,
I have implemented 802.1x with NAP enforcement in our network.
Things are working fine as expected. I am facing the following issue.
Everyday on first system boot, PCs are declared as NAP non-compliant by NPS server since SoH is not sent by the client.
SHAs are not initializing immediately after system boot. SoH is cached in system. Verified the following registry key before rebooting the system: HKLM/system/currentcontrolset/services/napagent/SohCache - each SHA has its Cached SoH (79744 -WSHA / 79745 - SCCM client)
After sometime, when SHAs initialize, they trigger dot1x authentication. This time SoH is sent and PC is declared compliant by NPS
On system boot, the napagent is not sending the cached SoH to NPS server for Health validation.
How to modify the behaviour of the clients so that they send Cached SOH on firs authentication attempt immediately after system booting?