none
[Troubleshooting] List of IAS authentication reason-codes in Event logs RRS feed

  • Question

  • The following set of reason-codes are associated with IAS authentication in Event log.

    Open Event viewer and locate to Security log to view the audit information:

    Event viewer -> Windows logs -> Security

     

    Reason code

    Description

    IASP_SUCCESS 

    0

    The operation completed successfully. 

    IASP_INTERNAL_ERROR 

    1

    An internal error occurred. Check the system event log for additional information. 

    IASP_ACCESS_DENIED 

    2

    There are no sufficient access rights to process the request. 

    IASP_MALFORMED_REQUEST 

    3

    The Remote Authentication Dial-In User Service (RADIUS) request was not properly  

    formatted. 

    IASP_GLOBAL_CATALOG_UNAVAILABLE 

    4

    The Active Directory global catalog cannot be accessed. 

    IASP_DOMAIN_UNAVAILABLE 

    5

    The user account domain cannot be accessed. 

    IASP_SERVER_UNAVAILABLE 

    6

    The server is unavailable. 

    IASP_NO_SUCH_DOMAIN 

    The specified domain does not exist. 

    IASP_NO_SUCH_USER 

    8

    The specified user account does not exist. 

    IASP_EXTENSION_DISCARD 

    The request was discarded by a third-party extension DLL file. 

    IASP_AUTH_FAILURE 

    16

    Authentication was not successful because an unknown user name or incorrect  

    password was used. 

    IASP_CHANGE_PASSWORD_FAILURE 

    17 

    The user could not change his or her password because the new password did not meet  

    the password requirements for this network. 

    IASP_UNSUPPORTED_AUTH_TYPE 

    18

    The specified authentication type is not supported. 

    IASP_NO_CLEARTEXT_PASSWORD 

    19

    The user could not be authenticated using Challenge Handshake Authentication  

    Protocol (CHAP). A reversibly encrypted password does not exist for this user  

    account. To ensure that reversibly encrypted passwords are enabled, check either  

    the domain password policy or the password settings on the user account. 

    IASP_LM_NOT_ALLOWED 

    20

    LAN Manager authentication is not enabled. 

    IASP_EXTENSION_REJECT 

    21

    The request was rejected by a third-party extension DLL file. 

    IASP_EAP_NEGOTIATION_FAILED 

    22

    The client could not be authenticated because the Extensible Authentication  

    Protocol (EAP) Type cannot be processed by the server. 

    IASP_UNEXPECTED_EAP_ERROR 

    23

    Unexpected error. Possible error in server or client configuration. 

    IASP_LOCAL_USERS_ONLY 

    32

    The current server configuration supports only local user accounts. 

    IASP_PASSWORD_MUST_CHANGE 

    33

    The user must change his or her password. 

    IASP_ACCOUNT_DISABLED 

    34

    Authentication failed because the user account is not enabled. Before the account  

    can be authenticated, a person with administrative rights for either the computer  

    or the domain must enable the user account. 

    IASP_ACCOUNT_EXPIRED 

    35 

    The user account has expired. Only a person with administrative rights for either  

    the computer or the domain can reset the expiration date on the user account. 

    IASP_ACCOUNT_LOCKED_OUT 

    36 

    The user account is currently locked and cannot be authenticated. Only a person  

    with administrative rights for either the computer or the domain can unlock the  

    user account.

    IASP_INVALID_LOGON_HOURS 

    37 

    Authentication failed because of a logon time restriction on the user account.  

    Ensure that the permitted logon hours for the user account are correct. 

    IASP_ACCOUNT_RESTRICTION 

    38

    Authentication failed because of a user account restriction. Check the user account  

    properties for restrictions. 

    IASP_NO_POLICY_MATCH 

    48

    The connection attempt did not match any remote access policy.

    IASP_NO_CONNECTION_REQUEST_POLICY_MATCH 

    49

    The connection attempt did not match any connection request policy.

    IASP_DIALIN_LOCKED_OUT 

    64

    The user account exceeded the remote access account lockout count

    IASP_DIALIN_DISABLED 

    65

    The connection attempt failed because remote access permission for the user account  

    was denied. To allow remote access, enable remote access permission for the user  

    account, or, if the user account specifies that access is controlled through the  

    matching remote access policy, enable remote access permission for that remote  

    access policy. 

     


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

     

    Tuesday, October 16, 2018 8:42 AM
    Owner

All replies

  • IASP_INVALID_AUTH_TYPE 

    66

    The user attempted to use an authentication method that is not enabled on the  

    matching remote access policy.

    IASP_INVALID_CALLING_STATION 

    67 

    The user attempted to connect through either a phone number or calling station that  

    does not match the Caller ID listed for the user account.

    IASP_INVALID_DIALIN_HOURS 

    68 

    The user attempted to connect outside of permitted hours. Check the dial-in  

    constraints for the matching remote access policy. 

    IASP_INVALID_CALLED_STATION 

    69 

    The user attempted to connect through a phone number that did not match the  

    restricted dial-in number. Check the dial-in constraints for the matching remote  

    access policy.

    IASP_INVALID_PORT_TYPE 

    70

    The user attempted to connect using a dial-in medium that did not match the  

    restricted dial-in media. Check the dial-in constraints for the matching remote  

    access policy. 

    IASP_DIALIN_RESTRICTION 

    71

    A dial-in constraint caused the connection attempt to fail. Check the dial-in  

    constraints for the matching remote access policy. 

    IASP_CPW_NOT_ALLOWED 

    72

    The user cannot change his or her password because the change password option is  

    not enabled for the matching remote access policy.

    IASP_INVALID_CERT_EKU 

    73 

    The user attempted to authenticate using a certificate with an Extended Key Usage  

    or Issuance Policy that is not allowed by the matching remote access policy. 

    IASP_NO_RECORD 

    80 

    The authentication or accounting record could not be written to the log file  

    location. Ensure that the log file location is accessible, has available space, can  

    be written to, and that the directory or SQL server name is valid. 

    IASP_SESSION_TIMEOUT 

    96 

    The authentication request was not processed because the session timed out. 

    IASP_UNEXPECTED_REQUEST 

    97

    The authentication request was not processed because it contained a Remote  

    Authentication Dial-In User Service (RADIUS) message that was not appropriate for  

    the secure authentication transaction. 

    IASP_PROXY_REJECT 

    112 

    The remote RADIUS (Remote Authentication Dial-In User Service) server did not  

    process the authentication request. 

    IASP_PROXY_UNKNOWN_GROUP 

    113 

    The remote RADIUS (Remote Authentication Dial-In User Service) server group does  not exist. 

    IASP_PROXY_UNKNOWN_SERVER 

    114 

    The authentication request could not be forwarded to the remote RADIUS (Remote  

    Authentication Dial-In User Service) server because this server is no longer configured from the local server. 

    IASP_PROXY_PACKET_TOO_LONG 

    115

    The authentication request could not be forwarded to the remote RADIUS (Remote  

    Authentication Dial-In User Service) server because the issued packet was too large. 

    IASP_PROXY_SEND_ERROR 

    116

    The authentication request could not be forwarded to the remote RADIUS (Remote Authentication Dial-In User Service) server because of a network problem. 

    IASP_PROXY_TIMEOUT

    117

    The remote RADIUS (Remote Authentication Dial-In User Service) server did not respond.

    IASP_PROXY_MALFORMED_RESPONSE 

    118

    The remote RADIUS (Remote Authentication Dial-In User Service) server returned an unreadable response. 

    IASP_CRYPT_E_REVOKED 

    256

    The certificate is revoked.

    IASP_CRYPT_E_NO_REVOCATION_DLL 

    257 

    No Dll or exported function was found to verify revocation.

    IASP_CRYPT_E_NO_REVOCATION_CHECK

    258 

    The revocation function was unable to check revocation for the certificate. 

    IASP_CRYPT_E_REVOCATION_OFFLINE 

    259 

    The revocation function was unable to check revocation because the revocation server was offline.

    IASP_SEC_E_MESSAGE_ALTERED 

    260

    The message or signature supplied for verification has been altered 

    IASP_SEC_E_NO_AUTHENTICATING_AUTHORITY 

    261

    No authority could be contacted for authentication. 

    IASP_SEC_E_INCOMPLETE_MESSAGE 

    262

    The supplied message is incomplete. The signature was not verified. 

    IASP_SEC_E_INCOMPLETE_CREDENTIALS 

    263 

    The credentials supplied were not complete, and could not be verified. The context could not be initialized. 

    IASP_SEC_E_TIME_SKEW 

    264 

    The clocks on the client and server machines are skewed.

    IASP_SEC_E_UNTRUSTED_ROOT 

    265 

    The certificate chain was issued by an authority that is not trusted.

    IASP_SEC_E_ILLEGAL_MESSAGE 

    266 

    The message received was unexpected or badly formatted. 

    IASP_SEC_E_CERT_WRONG_USAGE 

    267 

    The certificate is not valid for the requested usage.

    IASP_SEC_E_CERT_EXPIRED 

    268 

    The received certificate has expired. 

    IASP_SEC_E_ALGORITHM_MISMATCH 

    269 

    The client and server cannot communicate, because they do not possess a common algorithm. 

    IASP_SEC_E_SMARTCARD_LOGON_REQUIRED 

    270 

    Smartcard logon is required and was not used.

    IASP_SEC_E_SHUTDOWN_IN_PROGRESS 

    271 

    A system shutdown is in progress. 

    IASP_SEC_E_MULTIPLE_ACCOUNTS 

    272 

    The received certificate was mapped to multiple accounts. 


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, October 16, 2018 8:45 AM
    Owner
  • IASP_TRUST_E_PROVIDER_UNKNOWN 

    273 

    Unknown trust provider. 

    IASP_TRUST_E_ACTION_UNKNOWN 

    274 

    The trust verification action specified is not supported by the specified trust provider. 

    IASP_TRUST_E_SUBJECT_FORM_UNKNOWN 

    275 

    The form specified for the subject is not the one supported or known by the specified trust provider. 

    IASP_TRUST_E_SUBJECT_NOT_TRUSTED 

    276 

    The subject is not trusted for the specified action.

     

    IASP_TRUST_E_NOSIGNATURE 

    277 

    No signature was present in the subject.

    IASP_CERT_E_EXPIRED 

    278 

    A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 

    IASP_CERT_E_VALIDITYPERIODNESTING 

    279 

    The validity periods of the certification chain do not nest correctly.

    IASP_CERT_E_ROLE 

    280 

    A certificate that can only be used as an end-entity is being used as a CA or visa versa. 

    IASP_CERT_E_PATHLENCONST 

    281 

    A path length constraint in the certification chain has been violated. 

    IASP_CERT_E_CRITICAL 

    282 

    A certificate contains an unknown extension that is marked 'critical'. 

    IASP_CERT_E_PURPOSE 

    283 

    A certificate being used for a purpose other than the ones specified by its CA.

    IASP_CERT_E_ISSUERCHAINING 

    284 

    A parent of a given certificate in fact did not issue that child certificate. 

    IASP_CERT_E_MALFORMED 

    285 

    A certificate is missing or has an empty value for an important field, such as a subject or issuer name. 

    IASP_CERT_E_UNTRUSTEDROOT 

    286 

    A certificate chain processed, but terminated in a root certificate which is not  trusted by the trust provider. 

    IASP_CERT_E_CHAINING 

    287 

    A certificate chain could not be built to a trusted root authority. 

    IASP_TRUST_E_FAIL 

    288 

    Generic trust failure.

    IASP_CERT_E_REVOKED 

    289 

    A certificate was explicitly revoked by its issuer. 

    IASP_CERT_E_UNTRUSTEDTESTROOT 

    290 

    The certification path terminates with the test root which is not trusted with the current policy settings.

    IASP_CERT_E_REVOCATION_FAILURE 

    291 

    The revocation process could not continue - the certificate(s) could not be checked.

    IASP_CERT_E_CN_NO_MATCH 

    292 

    The certificate's CN name does not match the passed value. 

    IASP_CERT_E_WRONG_USAGE 

    293 

    The certificate is not valid for the requested usage. 

    IASP_TRUST_E_EXPLICIT_DISTRUST 

    294 

    The certificate was explicitly marked as untrusted by the user. 

    IASP_CERT_E_UNTRUSTEDCA 

    295 

    A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.

    IASP_CERT_E_INVALID_POLICY 

    296 

    The certificate has invalid policy. 

    IASP_CERT_E_INVALID_NAME 

    297 

    The certificate has an invalid name. The name is not included in the permitted list or is explicitly excluded. 

    IASP_SEC_E_PKINIT_NAME_MISMATCH 

    298 

    The client cert name does not match the user name or the KDC name is incorrect.

    IASP_SEC_E_OUT_OF_SEQUENCE 

    299 

    The message supplied for verification is out of sequence

    IASP_SEC_E_NO_CREDENTIALS 

    300 

    No credentials are available in the security package 

     

    Go Back


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, October 16, 2018 8:46 AM
    Owner