I am working through the document: "Demonstrate IPsec NAP Enforcement in a Test Lab" I have a DC running Windows 2008 R2 SP1 Enterprise Edition. The Enterprise Root CA is running on W2008 R2 SP1 Standard Edition. The subordinate StandAlone CA (which is also the HRA / NPS server, as in the test lab doc) is running Windows 2008 R2 Standard edition. All certificate requests are discarded from the HRA to the Subordinate CA are discarded: Active Directory Certificate Services denied request 15 because The revocation function was unable to check revocation for the certificate. 0x80092012 (-2146885614). The request was for SMALLDOM\NAP$. Additional information: Error Constructing or Publishing Certificate The Health Registration Authority was unable to acquire a certificate for request with the correlation-id {2907D871-48DF-4E9A-A612-0FBD645CA4C0}-2011-05-25 15:57:25Z at 10.99.98.50 (principal: SMALLDOM\W7-1$). Discarding the request. The Certification Authority \\NAP.smalldom.pri\smalldom-NAP-SubCA denied the request with the following error: Error Constructing or Publishing Certificate (0x80004005). Contact the Certification Authority administrator for more information. The CRLs are publishing OK, The System Health certificate shows in the PKI tree. The PKI has no errors. The heatth authority is working OK - computers are seen as compliant or not, and remediated. Just can't get a certificate. I did change the subordinate CA from a computer running Enterprise edition to on running Standard edition. CarolChi

Hi, I find that you have updated your issue in the thread http://social.technet.microsoft.com/Forums/en-US/winserverNAP/thread/badf2e98-f9d1-47fe-9a38-f47f44d5b80c/#458e0f99-aca0-4e00-b5ab-5f9ce3fadf7c Please check the replies there. Best Regards, James Zou

Never did solve that one, had to use the Root CA instead.CarolChi