2.2 Message Syntax
For domain support, authentication protocols MUST use an NRPC pass-through authentication ([MS-NRPC] section 3.2) method with parameters determined by the authentication protocol being used.
Interactive and network logon information, passed through the LogonInformation parameter, is used when calling the NetrLogonSamLogonEx method ([MS-NRPC] section 3.5.4.5.1). Domain controller Kerberos PAC validation and digest messages MUST be encoded as opaque blobs and transported by the generic pass-through capability of Netlogon ([MS-NRPC] section 3.2.4.1).
All message fields, including bit flags, are in the following sections in little-endian format. These data structures MUST be built as if they are on a little-endian machine before transmission. On reception, the messages MUST be interpreted as little-endian and transformed into the native endianness of the implementation.
The following table shows a few of the main status codes returned by these protocols. For a complete list of status codes, see [MS-ERREF].
|
Symbolic name |
Value |
Meaning |
|---|---|---|
|
STATUS_SUCCESS |
0x00000000 |
Requested operation succeeded. |
|
STATUS_LOGON_FAILURE |
0xC000006D |
Authentication failed. |
|
STATUS_NO_SUCH_USER |
0xC0000064 |
Specified account does not exist. |
|
STATUS_NO_LOGON_SERVERS |
0xC000005E |
None of the domain controllers are reachable to service the request. |