Request A Quote

Iron Networks Blog

why choose iron Software Define Data Center Hnv Hybrid Cloud Gateway MCE Cloud Edge Gateway Cloudboxx, branch-in-a-box Wss, windows storage systems

UAG 2010: Error "Applying Network Access Protection configuration failed"



When trying to activate the configuration on a UAG server, you might find that the activation failed and you can see the following error messages in the status window:

Error: Applying Network Access Protection configuration failed.

Error: The UAG DirectAccess configuration cannot be activated

Error: DirectAccess could not be activated.

This ironically happens even when Network Access Protection (NAP) is not in use at all. We tested it even with DirectAccess disabled.


The reason is that the Health Registration Authority (HRA) sub role under Network Policy Server role is not installed. Under the hood, UAG tries to run the following command routinely as part of the activation process:

netsh nap hra reset caserver

This command resets the HRA settings, but since the HRA sub-role does not exist, NETSH returns an error and UAG activation fails. In the BIT tracing you can see the following line which illustrates that the command could not be executed at all

 [2]0B88.0BE8::03/11/2011-18:59:06.579 [DA.ConfigAgent]Command [nap hra reset caserver] failed to execute.

 The root cause can be easily seen by opening the Server Manager console on the UAG Server:


Install the Health Registration Authority role from the server manager and re-actiavte the configuration

In some cases, you may need to complete remove the NAP role and re-add it. If you aren't able to get this fixed, please contact nAppliance support team at support [at]


Content courtesy - nAppliance Support Team


Copyright © 2023 Iron Networks, Inc. All Rights Reserved.