NPS Reason Codes 283 Through 303
Applies To: Windows Server 2008, Windows Server 2008 R2
Network Policy Server (NPS) provides reason codes to identify changes, problems, and status via events in Event Viewer while NPS is running. You can use the following reason code definitions to look up reason codes and clarify their meaning.
Note
There are intentional gaps in the numeric sequence of reason codes. For example, the reason codes 38 and 48 exist, but there are currently no reason codes that correspond to the numbers 39 through 47.
Following are some of the reason codes provided by NPS.
Reason code | Description |
---|---|
283 | Authentication failed. The certificate does not contain the Client Authentication purpose in Application Policies extensions, and cannot be used for authentication. |
284 | Authentication failed. The certificate is not valid because the certificate issuer and the parent of the certificate in the certificate chain are required to match but do not match. |
285 | Authentication failed. NPS cannot locate the certificate, or the certificate is incorrectly formed and is missing important information. |
286 | Authentication failed. The certificate provided by the connecting user or computer is issued by a certification authority (CA) that is not trusted by the NPS server. |
287 | Authentication failed. The certificate provided by the connecting user or computer does not chain to an enterprise root CA that NPS trusts. |
288 | Authentication failed due to an unspecified trust failure. |
289 | Authentication failed. The certificate provided by the connecting user or computer is revoked and is not valid. |
290 | Authentication failed. A test or trial certificate is in use; however, the test root CA is not trusted, according to local or domain policy settings. |
291 | Authentication failed because NPS cannot locate and access the certificate revocation list to verify whether the certificate has or has not been revoked. This issue can occur if the revocation server is not available or if the certificate revocation list cannot be located in the revocation server database. |
292 | Authentication failed. The value of the User-Name attribute in the connection request does not match the value of the common name (CN) property in the certificate. |
293 | Authentication failed. The certificate provided by the connecting user or computer is not valid because it is not configured with the Client Authentication purpose in Application Policies or Enhanced Key Usage (EKU) extensions. NPS rejected the connection request for this reason. |
294 | Authentication failed because the certificate was explicitly marked as untrusted by the Administrator. Certificates are designated as untrusted when they are imported into the Untrusted Certificates folder in the certificate store for the Current User or Local Computer in the Certificates Microsoft Management Console (MMC) snap-in. |
295 | Authentication failed. The certificate provided by the connecting user or computer is issued by a CA that is not trusted by the NPS server. |
296 | Authentication failed. The certificate provided by the connecting user or computer is not valid because it is not configured with the Client Authentication purpose in Application Policies or Enhanced Key Usage (EKU) extensions. NPS rejected the connection request for this reason. |
297 | Authentication failed. The certificate provided by the connecting user or computer is not valid because it does not have a valid name. |
298 | Authentication failed. Either the certificate does not contain a valid user principal name (UPN) or the value of the User-Name attribute in the connection request does not match the certificate. |
299 | Authentication failed. The sequence of information provided by internal components or protocols during message verification is incorrect. |
300 | Authentication failed. The certificate is malformed and Extensible Authentication Protocol (EAP) cannot locate credential information in the certificate. |
301 | NPS terminated the authentication process. NPS received a cryptobinding type length value (TLV) from the access client that is not valid. This issue occurs when an attempt to breach your network security has occurred and a man-in-the-middle (MITM) attack is in progress. During MITM attacks on your network, attackers use unauthorized computers to intercept traffic between your legitimate hosts while posing as one of the legitimate hosts. The attacker's computer attempts to gain data from your other network resources. This enables the attacker to use the unauthorized computer to intercept, decrypt, and access all network traffic that would otherwise go to one of your legitimate network resources. |
302 | NPS terminated the authentication process. NPS did not receive a required cryptobinding type length value (TLV) from the access client during the authentication process. |