Result code log values
Applies To: Forefront Threat Management Gateway (TMG)
The Web Proxy and Firewall logs can include a Result Code field that specifies the status of the request. It may be a Windows (Win32) error code (for values less than 100), an HTTP status code (for values between 100 and 1,000), a Winsock error code (for values between 10,004 and 11,031), or a Forefront TMG error code.
Web Proxy: result code log values
For the Web Proxy log, the HTTP Status Code column represents an HTTP error (from the Web proxy). This error can return one of the following values:
An HTTP response code, as defined in the HTTP RFC. For a list of HTTP response codes, see the Platform SDK.
A Winsock error code. For a list of Winsock error codes, see MSDN.
A Forefront TMG Web Proxy error code. These errors also include a description. Error codes that start with 122 are used for forward access and error codes that start with 123 are used for reverse access.
The following table summarizes some of the result code values.
| Source values | Description |
|---|---|
0 |
The operation completed successfully. |
200 |
OK. |
201 |
Created. |
202 |
Accepted. |
204 |
No content. |
301 |
Moved permanently. |
302 |
Moved temporarily. |
304 |
Not modified. |
400 |
Bad request. |
401 |
Unauthorized. |
403 |
Forbidden. |
404 |
Not found. |
500 |
Server error. |
501 |
Not implemented. |
502 |
Bad gateway. |
503 |
Out of resources. |
995 |
Operation aborted. |
10060 |
A connection timed out. |
10061 |
A connection was refused by the destination host. |
10065 |
No route to host. |
11001 |
Host not found. |
12201 |
A chained proxy server or array member requires proxy-to-proxy authentication. Please contact your server administrator. |
12301 |
A chained server requires authentication. Contact the server administrator. |
12202 |
The Forefront TMG denied the specified Uniform Resource Locator (URL). |
12302 |
The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. |
12204/ 12304 |
The specified Secure Sockets Layer (SSL) port is not allowed. Forefront TMG is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. |
12206 |
The Forefront TMG detected a proxy chain loop. There is a problem with the configuration of the Forefront TMG routing policy. Please contact your server administrator. |
12306 |
The server detected a chain loop. There is a problem with the configuration of the server routing policy. Contact the server administrator. |
12207 |
Forefront TMG dial-out connection failed. The administrator should manually dial the specified phonebook entry to determine if the number can be reached. |
12307 |
The dial-out connection failed. The dial-out connection failed with the specified phonebook entry. The administrator should manually dial the specified phonebook entry to confirm that the problem is not the Windows auto-dial facility. |
12208 |
Forefront TMG is too busy to handle this request. Reenter the request or renew the connection to the server (now or at a later time). |
12308 |
The server is too busy to handle this request. Reenter the request or try again later. |
12209 |
The Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied. |
12309 |
The server requires authorization to fulfill the request. Access to the Web server is denied. Contact the server administrator. |
12210/ 12310 |
An Internet Server API (ISAPI) filter has finished handling the request. Contact your system administrator. |
12211 |
Forefront TMG requires a secure channel connection to fulfill the request. Forefront TMG is configured to respond to outgoing secure (Secure Sockets Layer (SSL)) channel requests. |
12311 |
The page must be viewed over a secure channel (Secure Sockets Layer (SSL)). Contact the server administrator. |
12213 |
Forefront TMG requires a client certificate to fulfill the request. A Secure Sockets Layer (SSL) Web server, during the authentication process, requires a client certificate. |
12313 |
The page requires a client certificate as part of the authentication process. If you are using a smart card, you will need to insert your smart card to select an appropriate certificate. Otherwise, contact your server administrator. |
12214/ 12314 |
An Internet Server API (ISAPI) filter caused an error or terminated with an error. |
12215 |
The size of the request header is too large. Contact your Forefront TMG administrator. |
12315 |
The size of the request header is too large. Contact the server administrator. |
12216 |
The size of the response header is too large. Contact your Forefront TMG administrator. |
12316 |
The size of the response header is too large. Contact the server administrator. |
12217 |
The request was rejected by the HTTP filter. Contact your Forefront TMG administrator. |
12317 |
The request was rejected by the HTTP filter. Contact the server administrator. |
12218 |
Forefront TMG cannot handle your request because the DNS quota was exceeded. Contact your Forefront TMG administrator. |
12318 |
Forefront TMG cannot handle your request because the DNS quota was exceeded. Contact the server administrator. |
12219 |
The number of HTTP requests per minute exceeded the configured limit. Contact your Forefront TMG administrator. |
12319 |
The number of HTTP requests per minute exceeded the configured limit. Contact the server administrator. |
12320 |
Forefront TMG is configured to block HTTP requests that require authentication. |
12221/ 12321 |
The client certificate used to establish the SSL connection with the Forefront TMG computer is not trusted. |
12222/ 12322 |
The client certificate used to establish the SSL connection with the Forefront TMG computer is not acceptable. The client certificate restrictions not met. |
12323 |
Authentication failed. The client certificate used to establish an SSL connection with the Forefront TMG computer does not match the user credentials that you entered. |
12224 |
The SSL server certificate supplied by a destination server is not yet valid. |
12225 |
The SSL server certificate supplied by a destination server expired. |
12226 |
The certification authority that issued the SSL server certificate supplied by a destination server is not trusted by the local computer. |
12227 |
The name on the SSL server certificate supplied by a destination server does not match the name of the host requested. |
12228 |
The SSL certificate supplied by a destination server cannot be used to validate the server because it is not a server certificate. |
12229 |
The Web site requires a client certificate, but a client certificate cannot be supplied when HTTPS inspection is applied to the request. |
12230 |
The SSL server certificate supplied by a destination server has been revoked by the certification authority that issued it. |
12234/ 12334 |
The traffic was blocked by IPS. |
12235 |
Web traffic was blocked for a rule with URL filtering enabled because the URL filtering database is not available. |
12236/ 12336 |
Download failed because a third-party Web content filter does not support downloads that exceed 4GB. |
12337 |
Download failed because the Link Translation filter does not support downloads that exceed 4GB. |
12238/ 12338 |
Download failed because the Compression filter does not support downloads that exceed 4GB. |
12239/ 12339 |
Request failed because the size of the request body is too large. |
Firewall: Result Code Log Values
In the Firewall log, the result code field represents an error. It can be one of the following:
A Windows-based HRESULT error code.
A Forefront TMG service error code. These errors typically begin with 0xC00. Error text typically includes FWX_E_.
The following table summarizes run-time error codes, defined in Wspfwerr.h, which may be returned by the Microsoft Firewall service and may appear as result codes in Forefront TMG logs.
| Symbolic name | Code | Message text |
|---|---|---|
FWX_E_TERMINATING |
0xC0040001 |
The object is shutting down. |
FWX_E_INVALID_ARG |
0xC0040002 |
The argument is invalid. |
FWX_E_ALREADY_IN_BLOCKING_OP |
0xC0040003 |
The blocking operation is already started. |
FWX_E_NOT_IN_BLOCKING_OP |
0xC0040004 |
There is no blocking operation to be ended. |
FWX_E_FILTER_NOT_REGISTERED |
0xC0040005 |
The filter is not registered. |
FWX_E_ALREADY_EXISTS |
0x800700B7 |
The object cannot be created because an object with the same name already exists. |
FWX_E_BUFFERFULL |
0xC0040007 |
Not all the data was appended to the buffer object because the buffer was full. |
FWX_E_ALREADY_EMULATED |
0xC0040009 |
The connection is already emulated by another filter. |
FWX_E_BAD_CONTEXT |
0xC004000A |
The method was not called while handling any of the supported events. |
FWX_E_NOT_SUPPORTED |
0xC004000B |
Modifying this property is not allowed for this session. |
FWX_E_NOT_AUTHENTICATED |
0xC004000C |
The action cannot be performed because the session is not authenticated. |
FWX_E_POLICY_RULES_DENIED |
0xC004000D |
The policy rules do not allow the user request. |
FWX_E_MIME_NEEDED |
0xC004000E |
The MIME type is required. |
FWX_E_MUST_USE_DS |
0xC004000F |
- |
FWX_E_NOT_EMULATED |
0xC0040010 |
The connection is not emulated. |
FWX_E_IS_BUSY |
0xC0040011 |
A connection was dropped because there are too many pending connection requests. |
FWX_E_NETWORK_RULES_DENIED |
0xC0040012 |
The network rules do not allow the connection requested. |
FWX_E_FRAGMENT_PACKET_DROPPED |
0xC0040013 |
A packet was dropped because it contained an IP fragment that Forefront TMG is configured to block. |
FWX_E_FWE_SPOOFING_PACKET_DROPPED |
0xC0040014 |
A packet was dropped because Forefront TMG determined that the source IP address is spoofed. |
FWX_E_TCPIPDROP_PACKET_DROPPED |
0xC0040015 |
A packet was dropped by the TCP/IP stack. |
FWX_E_NO_BACKLOG_PACKET_DROPPED |
0xC0040016 |
A packet was dropped because the rate of requests for incoming connections was too high. |
FWX_E_TCP_NOT_SYN_PACKET_DROPPED |
0xC0040017 |
A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the Forefront TMG computer. |
FWX_E_BAD_LENGTH_PACKET_DROPPED |
0xC0040018 |
A packet was dropped because its IP length field does not fall within the allowed range or is inconsistent with the actual length. |
FWX_E_PING_OF_DEATH_PACKET_DROPPED |
0xC0040019 |
A packet was dropped because Forefront TMG detected a ping-of-death attack. |
FWX_E_OUT_OF_BAND_PACKET_DROPPED |
0xC004001A |
A packet was dropped because Forefront TMG detected a Windows out-of-band (WinNuke) attack. |
FWX_E_IP_HALF_SCAN_PACKET_DROPPED |
0xC004001B |
A packet was dropped because Forefront TMG detected an IP half-scan attack. |
FWX_E_LAND_ATTACK_DROPPED |
0xC004001C |
A packet was dropped because Forefront TMG detected a land attack. |
FWX_E_UDP_BOMB_DROPPED |
0xC004001D |
A packet was dropped because Forefront TMG detected a UDP bomb attack. |
FWX_E_FULLDENY_DROPPED |
0xC004001E |
A packet was dropped because Forefront TMG is operating in lockdown mode. |
FWX_E_IPOPTIONS_DROPPED |
0xC004001F |
A packet was dropped because its header includes one or more IP options that Forefront TMG is configured to block. |
FWX_E_UNCOMPLETED_CONNECTION_REQUEST |
0xC0040020 |
An attempt to log on to the VPN server was rejected during the authentication phase because the authentication data was not received in a timely manner. The client session was disconnected. |
FWX_E_CONNECTION_REQUEST_REJECTED |
0xC0040021 |
An attempt to log on to the VPN server was rejected during the authentication phase. The client session was disconnected. |
FWX_E_VALIDATE_QUARANTINE_FAILED |
0xC0040022 |
The VPN quarantine settings could not be validated. The client session was disconnected. |
FWX_E_VPN_CONNECTIONS_LIMIT_EXCEEDED |
0xC0040023 |
The VPN client connection limit was exceeded. The client session was disconnected. |
FWX_E_OUT_OF_RESOURCES |
0xC0040024 |
A packet was dropped because there are insufficient resources. |
FWX_E_BROADCAST_PACKET_DROPPED |
0xC0040025 |
A broadcast packet was dropped by the Forefront TMG policy. |
FWX_E_UNKNOWN_ADAPTER_DROPPED |
0xC0040026 |
Reserved for future use. |
FWX_E_ICMP_ERROR_PACKET_DROPPED |
0xC0040027 |
Reserved for future use. |
FWX_E_INVALID_PROTOCOL_PACKET_DROPPED |
0xC0040028 |
A packet was dropped because its header specifies an invalid IP protocol (255) or address (0.0.0.0). |
FWX_E_PORT_ZERO_PACKET_DROPPED |
0xC0040029 |
A packet was dropped because its transport header specifies an invalid port (0). |
FWX_E_SYN_ATTACK_START |
0xC004002A |
Forefront TMG detected a SYN attack. |
FWX_E_SYN_ATTACK_END |
0xC004002B |
Forefront TMG is no longer experiencing a SYN attack. |
FWX_E_INVALID_DHCP_OFFER |
0xC004002C |
An invalid DHCP offer was blocked. |
FWX_E_UNREACHABLE_ADDRESS |
0xC004002D |
A packet was dropped because its destination IP address is unreachable. |
FWX_E_ADDRESS_NOT_ALLOWED |
0xC004002E |
An attempt to establish a connection by an application filter was rejected because the source address is not in a range that is allowed for the destination address. |
FWX_E_IPSEC_NO_ROUTE_DROPPED |
0xC004002F |
A packet arriving through an IPsec tunnel was rejected because its source address is not expected for the tunnel. |
FWX_E_OUTBOUND_PATH_THROUGH_DROPPED |
0xC0040030 |
A packet generated on the local host was rejected because its source IP address is assigned to one network adapter and its destination IP address is reachable through another network adapter. |
FWX_E_BAD_TCP_CHECKSUM_DROPPED |
0xC0040031 |
A packet was dropped because verification of its TCP checksum failed. |
FWX_E_VPN_USER_MAPPING_FAILED |
0xC0040032 |
An attempt to map a VPN client to a Windows user failed. The client session was disconnected. |
FWX_E_RULE_QUOTA_EXCEEDED_DROPPED |
0xC0040033 |
A connection was rejected because the maximum number of connections that can be created for a rule during one second was exceeded. |
FWX_E_SEQ_ACK_MISMATCH |
0xC0040034 |
A TCP packet was rejected because it has an invalid sequence number or an invalid acknowledgement number. |
WSA_RWS_GRACEFUL_SHUTDOWN or FWX_E_GRACEFUL_SHUTDOWN |
0x80074E20 |
A connection was gracefully closed in an orderly shutdown process with a three-way FIN-initiated handshake. |
WSA_RWS_ABORTIVE_SHUTDOWN or FWX_E_ABORTIVE_SHUTDOWN |
0x80074E21 |
A connection was abortively closed after one of the peers sent a RST segment. |
WSA_RWS_QUOTA or FWX_E_RULE_QUOTA_EXCEEDED_DROPPED |
0x80074E23 |
A connection was refused because a quota set in a rule was exceeded. |
WSA_RWS_CONNECTION_KILLED or FWX_E_CONNECTION_KILLED |
0x80074E24 |
Forefront TMG killed a connection. |
WSA_RWS_TIMEOUT or FWX_E_TIMEOUT |
0x80074E25 |
A connection was terminated because it was idle for more than the time-out period, or the time-out on an incomplete action expired. |
WSA_RWS_ADMIN_TERMINATE or FWX_E_ADMIN_TERMINATE |
0x80074E26 |
A connection was terminated from Forefront TMG Management during shutdown, or when a VPN client was disconnected. |
FWX_E_THREAD_QUOTA_EXCEEDED |
0xC0040035 |
A blocking operation could not be performed because the thread limit for this operation was reached. |
FWX_E_DNS_QUOTA_EXCEEDED |
0xC0040036 |
A DNS query could not be performed because the query limit was reached. |
FWX_E_TCP_RATE_QUOTA_EXCEEDED_DROPPED |
0xC0040037 |
A connection was rejected because the maximum connections rate for a single client host was exceeded. |
FWX_E_TCP_NO_SERVER_REPLY |
0xC0040038 |
A connection was closed because no SYN/ACK reply was received from the server. |
FWX_E_POLICY_CONNECTION_CLOSED |
0xC0040039 |
An existing connection was closed because it is no longer allowed by the policy. |
FWX_E_NAT_ADDRESS_NOT_AVAILABLE |
0xC004003A |
A network rule specifies a NAT address, but no local IP address is available for NAT on the server. |
FWX_E_IPS_BLOCKED |
0xC004003B |
The connection was blocked by network inspection system (NIS). |
FWX_E_IPS_DETECTED |
0xC004003C |
The network inspection system (NIS) detected traffic that matches a vulnerability signature. |
FWX_E_CONNECTION_QUARANTINED |
0xC004003D |
The connection was closed because the client was quarantined. |
FWX_E_FW_IPSEC_DROPPED |
0xC004003E |
A packet was dropped due to periodic inconsistency between the IPSec policy and Forefront TMG's snapshot of the IPSec policy. |
FWX_E_TRANSITION_DROPPED |
0xC004003F |
A packet was dropped while adjusting the Forefront TMG behavior to a new IPSec policy. |
FWX_E_BOTH_ADRESSES_BELONG_TO_SAME_NETWORK |
0xC0040040 |
Both input addresses belong to the same network. |
FWX_E_UNSUPPORTED_IPV6_DROPPED |
0xC0040041 |
A packet was dropped because IPv6 protocol is not supported. |
FWX_E_INVALID_ROUTER_ADV |
0xC0040042 |
An invalid IPv6 router advertisement. |
FWX_E_IPV6_ROUTING_HEADER |
0xC0040043 |
IPv6 routing header presents. |
FWE_E_FAIL_TRANSACT_TO_TRANSITION_TO_IPSEC |
0xC0040044 |
The FW engine failed to apply the IPSec configuration. |
FWE_E_FAIL_TRANSACT_TO_IPSEC |
0xC0040045 |
The FW engine entered an invalid state. |
FWX_E_UNSUPPORTED_NATPT_DROPPED |
0xC0040046 |
An unsupported NAT-PT packet was dropped. |
FWX_E_NIS_LOAD_POLICY_FAILED |
0xC0040047 |
The FW engine failed to process the network inspection system (NIS) signature set. |