Troubleshoot: NAP capable clients are evaluated as Non NAP capable

I had a really hard time troubleshooting a problem where NAP-capable clients were evaluated as non-NAP-capable by the NPS server. 802.1X authentication was perfectly successful, but there was no information about the client’s health. It seemed the NPS server was working as a plain RADIUS server.

There are a few points that must be checked for a successful implementation of Microsoft NAP. Check all of these:

  1. The NAP agent must be running: To check, run “netsh nap client show state” in a command prompt. If it is not running, go to Services, start the service, and set its startup type to Automatic.
  2. Enforcement client 79623 is enabled and initialized on the client: This can also be checked with the previous command.
  3. Quarantine checks are enabled in the PEAP properties on the client: See the Authentication tab in the network properties.
  4. 802.1X with PEAP (rather than 802.1X with EAP) is configured on the client: See the Authentication tab in the network properties.
  5. The NAP agent is running before 802.1X authentication: Make the Wired AutoConfig service depend on the NAP agent service.
  6. “Override network policy authentication settings” is enabled in the connection request policy on the server.
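
The client-side checks 1, 2 and 5 can be scripted. The following is an added example, not part of the original post; it only reads state and changes nothing. It assumes the service short names napagent (NAP agent) and dot3svc (Wired AutoConfig) and English netsh output with "Id = ..." and "Initialized = Yes/No" lines for each enforcement client.

```powershell
# Added example: client-side checks 1, 2 and 5 from the list above (read-only).
# Assumptions: service short names napagent and dot3svc; English netsh output
# with "Id = ..." and "Initialized = Yes/No" lines per enforcement client.
$EcId = '79623'
$results = @()

# Check 1: NAP agent is running and starts automatically.
$svc  = Get-Service -Name napagent -ErrorAction Stop
$mode = (Get-WmiObject -Class Win32_Service -Filter "Name='napagent'").StartMode
$results += New-Object psobject -Property @{
    Check = '1. NAP agent running, startup automatic'
    Pass  = ($svc.Status -eq 'Running' -and $mode -eq 'Auto')
    Found = "Status=$($svc.Status), StartMode=$mode"
}

# Check 2: enforcement client 79623 is initialized.
$initialized = 'not listed'
$inBlock = $false
foreach ($line in (netsh nap client show state)) {
    if ($line -match '^\s*Id\s*=\s*(\d+)') {
        # Every "Id" line opens a new block; track whether it is ours.
        $inBlock = ($Matches[1] -eq $EcId)
    } elseif ($inBlock -and $line -match '^\s*Initialized\s*=\s*(\S+)') {
        $initialized = $Matches[1]
        break
    }
}
$results += New-Object psobject -Property @{
    Check = "2. Enforcement client $EcId initialized"
    Pass  = ($initialized -eq 'Yes')
    Found = "Initialized=$initialized"
}

# Check 5: Wired AutoConfig depends on the NAP agent, so the agent starts first.
$deps = @((Get-Service -Name dot3svc).ServicesDependedOn | ForEach-Object { $_.Name })
$results += New-Object psobject -Property @{
    Check = '5. dot3svc depends on napagent'
    Pass  = ($deps -contains 'napagent')
    Found = "DependsOn=$($deps -join '/')"
}

$results | Select-Object Check, Pass, Found | Format-Table -AutoSize -Wrap

if ($deps -notcontains 'napagent') {
    # sc.exe replaces the whole dependency list, so the existing entries are kept.
    "To add the dependency from an elevated prompt:"
    "  sc.exe config dot3svc depend= $(($deps + 'napagent') -join '/')"
}
```

Compare the suggested dependency list with the output of “sc.exe qc dot3svc” before applying it. Checks 3, 4 and 6 are settings in the connection's authentication properties and on the NPS server and are not covered by this script.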

Hope it will help you in troubleshooting your NAP setup. Questions and suggestions are welcome. Enjoy :)

Sources: Microsoft, Greg Lindsay