Windows Server® 2008 Networking and Network Access Protection (NAP)

Errata for Windows Server® 2008 Networking and Network Access Protection (NAP)




The errata list is a list of errors and their corrections that were found after the product was released. If the error was corrected in a later version or reprint the date of the correction will be displayed in the column titled "Date Corrected".

The following errata were submitted by our customers and approved as valid errors by the author or editor.

Color Key: Serious Technical Mistake Minor Technical Mistake Language or formatting error Typo Question Note Update



Version Location Description Submitted By Date Submitted Date Corrected
Printed
Page 7

173.1.255.255 should be 172.31.255.255 On page 7, the second network in Tabel 1-4 is incorrect. Change: "172.16.0.0–173.1.255.255" To: "172.16.0.0–172.31.255.255"

Microsoft Press  May 06, 2010 
Printed
Page 642

Incorrect information regarding Windows Server 2008 certificate On page 642, the "Creating the Certificate Template for Health Certificates" section contains incorrect information.Change:"For a Windows Server 2003–based NAP CA, you must manually create a System Health Authentication certificate template so that members of the IPsec exemption group can autoenroll a long-lived health certificate. For a Windows Server 2008–based NAP CA, a System Health Authentication certificate template is included."To:"For a Windows Server 2008 or Windows Server 2003–based NAP CA, you must manually create a System Health Authentication certificate template so that members of the IPsec exemption group can autoenroll a long-lived health certificate."

Microsoft Press  Jul 13, 2010 
Printed
Page 643

Incorrect practice label and procedure On page 643, the "To Create a Health Certificate Template on a Windows Server 2003–based NAP CA" practice is incorrect.Change:"To Create a Health Certificate Template on a Windows Server 2003–based NAP CA 1. Click Start, click Run, type certtmpl.msc, and then press ENTER. 2. In the details pane, right-click Workstation Authentication, and then click Duplicate Template. This template is used because it is already configured with the client authentication EKU. 3. On the General tab, under Template Display Name, type System Health Authentication. 4. Select the Publish Certificate In Active Directory check box. 5. Click the Extensions tab, and then click double-click Application Policies. 6. Click Add, and then click New. 7. In the New Application Policy dialog box, under Name, type System Health Authentication, and under Object Identifier, type 1.3.6.1.4.1.311.47.1.1. The Client Authentication application policy will already be present. 8. Click OK three times, and then click the Security tab. Because the WorkStation Authentication template was duplicated, this template should have two application policies: Client Authentication and System Health Authentication. 9. Click Add, type the name of your IPsec NAP exemption group (such as IPsec NAP Exemption), and then click OK. 10. On the Security tab, in the Groups Or User Names list, select the name of your IPsec NAP exemption group, and then select the Allow check box next to Autoenroll. Click OK. For a Windows Server 2008–based NAP CA, you must ensure that the System Health Authentication certificate template has the appropriate permissions for autoenrollment in the IPsec NAP exemption group."To:"To Create a Health Certificate Template on a Windows Server 2008 or Windows Server 2003-Based NAP CA 1. Click Start, click Run, type certtmpl.msc, and then press ENTER. 2. In the details pane, right-click Workstation Authentication, and then click Duplicate Template. This template is used because it is already configured with the client authentication EKU. 3. For a Windows Server 2008-based NAP CA, click Windows Server 2008, Enterprise Edition in the Duplicate Template dialog box, and then click OK. 4. On the General tab, under Template Display Name, type System Health Authentication. 5. Select the Publish Certificate In Active Directory check box. 6. Click the Extensions tab, and then double-click Application Policies. 7. For a Windows Server 2008-based NAP CA, click Add, double-click System Health Authentication, and then click OK. For a Windows Server 2003-based NAP CA, click Add, and then click New. In the New Application Policy dialog box, under Name, type System Health Authentication, and under Object Identifier, type 1.3.6.1.4.1.311.47.1.1. The Client Authentication application policy will already be present. 8. Click OK three times. 9. Click the Security tab. 10. Click Add, type the name of your IPsec NAP exemption group (such as IPsec NAP Exemption), and then click OK. 11. On the Security tab, in the Groups Or User Names list, select the name of your IPsec NAP exemption group, and then select the Allow check box next to Autoenroll. Click OK.

Microsoft Press  May 06, 2010 
Printed
Page 671

Add sentence to end of Netsh NAP Tracing section On page 671, an additional sentence should be added to the end of the "Netsh NAP Tracing" section that reads:"In Windows Vista Service Pack 1, the log files are stored in the %SystemRoot%system32LogFilesWMI folder. "

Microsoft Press  Jul 13, 2010 
Printed
Page 711

Add sentence to end of Netsh NAP Tracing section On page 711, an additional sentence should be added to the end of the "Netsh NAP Tracing" section that reads:"In Windows Vista Service Pack 1, the log files are stored in the %SystemRoot%system32LogFilesWMI folder. "

Microsoft Press  May 06, 2010 
Printed
Page 743

Add sentence to end of Netsh NAP Tracing section On page 743, an additional sentence should be added to the end of the "Netsh NAP Tracing" section that reads:"In Windows Vista Service Pack 1, the log files are stored in the %SystemRoot%system32LogFilesWMI folder. "

Microsoft Press  Jul 13, 2010 
Printed
Page 773

Add sentence to end of Netsh NAP Tracing section On page 773, an additional sentence should be added to the end of the "Netsh NAP Tracing" section that reads:"In Windows Vista Service Pack 1, the log files are stored in the %SystemRoot%system32LogFilesWMI folder. " Microsoft Press is committed to providing informative and accurate books. All comments and corrections listed above are ready for inclusion in future printings of this book. If you have a later printing of this book, it may already contain most or all of the above corrections.

Microsoft Press  May 06, 2010