Share via


Result code log values

Applies To: Forefront Threat Management Gateway (TMG)

The Web Proxy and Firewall logs can include a Result Code field that specifies the status of the request. It may be a Windows (Win32) error code (for values less than 100), an HTTP status code (for values between 100 and 1,000), a Winsock error code (for values between 10,004 and 11,031), or a Forefront TMG error code.

Web Proxy: result code log values

For the Web Proxy log, the HTTP Status Code column represents an HTTP error (from the Web proxy). This error can return one of the following values:

  • An HTTP response code, as defined in the HTTP RFC. For a list of HTTP response codes, see the Platform SDK.

  • A Winsock error code. For a list of Winsock error codes, see MSDN.

  • A Forefront TMG Web Proxy error code. These errors also include a description. Error codes that start with 122 are used for forward access and error codes that start with 123 are used for reverse access.

The following table summarizes some of the result code values.

Source values Description

        0

The operation completed successfully.

    200

OK.

    201

Created.

    202

Accepted.

    204

No content.

    301

Moved permanently.

    302

Moved temporarily.

    304

Not modified.

    400

Bad request.

    401

Unauthorized.

    403

Forbidden.

    404

Not found.

    500

Server error.

    501

Not implemented.

    502

Bad gateway.

    503

Out of resources.

    995

Operation aborted.

10060

A connection timed out.

10061

A connection was refused by the destination host.

10065

No route to host.

11001

Host not found.

12201

A chained proxy server or array member requires proxy-to-proxy authentication. Please contact your server administrator.

12301

A chained server requires authentication. Contact the server administrator.

12202

The Forefront TMG denied the specified Uniform Resource Locator (URL).

12302

The server denied the specified Uniform Resource Locator (URL). Contact the server administrator.

12204/ 12304

The specified Secure Sockets Layer (SSL) port is not allowed. Forefront TMG is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests.

12206

The Forefront TMG detected a proxy chain loop. There is a problem with the configuration of the Forefront TMG routing policy. Please contact your server administrator.

12306

The server detected a chain loop. There is a problem with the configuration of the server routing policy. Contact the server administrator.

12207

Forefront TMG dial-out connection failed. The administrator should manually dial the specified phonebook entry to determine if the number can be reached.

12307

The dial-out connection failed. The dial-out connection failed with the specified phonebook entry. The administrator should manually dial the specified phonebook entry to confirm that the problem is not the Windows auto-dial facility.

12208

Forefront TMG is too busy to handle this request. Reenter the request or renew the connection to the server (now or at a later time).

12308

The server is too busy to handle this request. Reenter the request or try again later.

12209

The Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.

12309

The server requires authorization to fulfill the request. Access to the Web server is denied. Contact the server administrator.

12210/ 12310

An Internet Server API (ISAPI) filter has finished handling the request. Contact your system administrator.

12211

Forefront TMG requires a secure channel connection to fulfill the request. Forefront TMG is configured to respond to outgoing secure (Secure Sockets Layer (SSL)) channel requests.

12311

The page must be viewed over a secure channel (Secure Sockets Layer (SSL)). Contact the server administrator.

12213

Forefront TMG requires a client certificate to fulfill the request. A Secure Sockets Layer (SSL) Web server, during the authentication process, requires a client certificate.

12313

The page requires a client certificate as part of the authentication process. If you are using a smart card, you will need to insert your smart card to select an appropriate certificate. Otherwise, contact your server administrator.

12214/ 12314

An Internet Server API (ISAPI) filter caused an error or terminated with an error.

12215

The size of the request header is too large. Contact your Forefront TMG administrator.

12315

The size of the request header is too large. Contact the server administrator.

12216

The size of the response header is too large. Contact your Forefront TMG administrator.

12316

The size of the response header is too large. Contact the server administrator.

12217

The request was rejected by the HTTP filter. Contact your Forefront TMG administrator.

12317

The request was rejected by the HTTP filter. Contact the server administrator.

12218

Forefront TMG cannot handle your request because the DNS quota was exceeded. Contact your Forefront TMG administrator.

12318

Forefront TMG cannot handle your request because the DNS quota was exceeded. Contact the server administrator.

12219

The number of HTTP requests per minute exceeded the configured limit. Contact your Forefront TMG administrator.

12319

The number of HTTP requests per minute exceeded the configured limit. Contact the server administrator.

12320

Forefront TMG is configured to block HTTP requests that require authentication.

12221/ 12321

The client certificate used to establish the SSL connection with the Forefront TMG computer is not trusted.

12222/ 12322

The client certificate used to establish the SSL connection with the Forefront TMG computer is not acceptable. The client certificate restrictions not met.

12323

Authentication failed. The client certificate used to establish an SSL connection with the Forefront TMG computer does not match the user credentials that you entered.

12224

The SSL server certificate supplied by a destination server is not yet valid.

12225

The SSL server certificate supplied by a destination server expired.

12226

The certification authority that issued the SSL server certificate supplied by a destination server is not trusted by the local computer.

12227

The name on the SSL server certificate supplied by a destination server does not match the name of the host requested.

12228

The SSL certificate supplied by a destination server cannot be used to validate the server because it is not a server certificate.

12229

The Web site requires a client certificate, but a client certificate cannot be supplied when HTTPS inspection is applied to the request.

12230

The SSL server certificate supplied by a destination server has been revoked by the certification authority that issued it.

12234/ 12334

The traffic was blocked by IPS.

12235

Web traffic was blocked for a rule with URL filtering enabled because the URL filtering database is not available.

12236/ 12336

Download failed because a third-party Web content filter does not support downloads that exceed 4GB.

12337

Download failed because the Link Translation filter does not support downloads that exceed 4GB.

12238/ 12338

Download failed because the Compression filter does not support downloads that exceed 4GB.

12239/ 12339

Request failed because the size of the request body is too large.

Firewall: Result Code Log Values

In the Firewall log, the result code field represents an error. It can be one of the following:

  • A Windows-based HRESULT error code.

  • A Forefront TMG service error code. These errors typically begin with 0xC00. Error text typically includes FWX_E_.

The following table summarizes run-time error codes, defined in Wspfwerr.h, which may be returned by the Microsoft Firewall service and may appear as result codes in Forefront TMG logs.

Symbolic name Code Message text

FWX_E_TERMINATING

0xC0040001

The object is shutting down.

FWX_E_INVALID_ARG

0xC0040002

The argument is invalid.

FWX_E_ALREADY_IN_BLOCKING_OP

0xC0040003

The blocking operation is already started.

FWX_E_NOT_IN_BLOCKING_OP

0xC0040004

There is no blocking operation to be ended.

FWX_E_FILTER_NOT_REGISTERED

0xC0040005

The filter is not registered.

FWX_E_ALREADY_EXISTS

0x800700B7

The object cannot be created because an object with the same name already exists.

FWX_E_BUFFERFULL

0xC0040007

Not all the data was appended to the buffer object because the buffer was full.

FWX_E_ALREADY_EMULATED

0xC0040009

The connection is already emulated by another filter.

FWX_E_BAD_CONTEXT

0xC004000A

The method was not called while handling any of the supported events.

FWX_E_NOT_SUPPORTED

0xC004000B

Modifying this property is not allowed for this session.

FWX_E_NOT_AUTHENTICATED

0xC004000C

The action cannot be performed because the session is not authenticated.

FWX_E_POLICY_RULES_DENIED

0xC004000D

The policy rules do not allow the user request.

FWX_E_MIME_NEEDED

0xC004000E

The MIME type is required.

FWX_E_MUST_USE_DS

0xC004000F

-

FWX_E_NOT_EMULATED

0xC0040010

The connection is not emulated.

FWX_E_IS_BUSY

0xC0040011

A connection was dropped because there are too many pending connection requests.

FWX_E_NETWORK_RULES_DENIED

0xC0040012

The network rules do not allow the connection requested.

FWX_E_FRAGMENT_PACKET_DROPPED

0xC0040013

A packet was dropped because it contained an IP fragment that Forefront TMG is configured to block.

FWX_E_FWE_SPOOFING_PACKET_DROPPED

0xC0040014

A packet was dropped because Forefront TMG determined that the source IP address is spoofed.

FWX_E_TCPIPDROP_PACKET_DROPPED

0xC0040015

A packet was dropped by the TCP/IP stack.

FWX_E_NO_BACKLOG_PACKET_DROPPED

0xC0040016

A packet was dropped because the rate of requests for incoming connections was too high.

FWX_E_TCP_NOT_SYN_PACKET_DROPPED

0xC0040017

A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the Forefront TMG computer.

FWX_E_BAD_LENGTH_PACKET_DROPPED

0xC0040018

A packet was dropped because its IP length field does not fall within the allowed range or is inconsistent with the actual length.

FWX_E_PING_OF_DEATH_PACKET_DROPPED

0xC0040019

A packet was dropped because Forefront TMG detected a ping-of-death attack.

FWX_E_OUT_OF_BAND_PACKET_DROPPED

0xC004001A

A packet was dropped because Forefront TMG detected a Windows out-of-band (WinNuke) attack.

FWX_E_IP_HALF_SCAN_PACKET_DROPPED

0xC004001B

A packet was dropped because Forefront TMG detected an IP half-scan attack.

FWX_E_LAND_ATTACK_DROPPED

0xC004001C

A packet was dropped because Forefront TMG detected a land attack.

FWX_E_UDP_BOMB_DROPPED

0xC004001D

A packet was dropped because Forefront TMG detected a UDP bomb attack.

FWX_E_FULLDENY_DROPPED

0xC004001E

A packet was dropped because Forefront TMG is operating in lockdown mode.

FWX_E_IPOPTIONS_DROPPED

0xC004001F

A packet was dropped because its header includes one or more IP options that Forefront TMG is configured to block.

FWX_E_UNCOMPLETED_CONNECTION_REQUEST

0xC0040020

An attempt to log on to the VPN server was rejected during the authentication phase because the authentication data was not received in a timely manner. The client session was disconnected.

FWX_E_CONNECTION_REQUEST_REJECTED

0xC0040021

An attempt to log on to the VPN server was rejected during the authentication phase. The client session was disconnected.

FWX_E_VALIDATE_QUARANTINE_FAILED

0xC0040022

The VPN quarantine settings could not be validated. The client session was disconnected.

FWX_E_VPN_CONNECTIONS_LIMIT_EXCEEDED

0xC0040023

The VPN client connection limit was exceeded. The client session was disconnected.

FWX_E_OUT_OF_RESOURCES

0xC0040024

A packet was dropped because there are insufficient resources.

FWX_E_BROADCAST_PACKET_DROPPED

0xC0040025

A broadcast packet was dropped by the Forefront TMG policy.

FWX_E_UNKNOWN_ADAPTER_DROPPED

0xC0040026

Reserved for future use.

FWX_E_ICMP_ERROR_PACKET_DROPPED

0xC0040027

Reserved for future use.

FWX_E_INVALID_PROTOCOL_PACKET_DROPPED

0xC0040028

A packet was dropped because its header specifies an invalid IP protocol (255) or address (0.0.0.0).

FWX_E_PORT_ZERO_PACKET_DROPPED

0xC0040029

A packet was dropped because its transport header specifies an invalid port (0).

FWX_E_SYN_ATTACK_START

0xC004002A

Forefront TMG detected a SYN attack.

FWX_E_SYN_ATTACK_END

0xC004002B

Forefront TMG is no longer experiencing a SYN attack.

FWX_E_INVALID_DHCP_OFFER

0xC004002C

An invalid DHCP offer was blocked.

FWX_E_UNREACHABLE_ADDRESS

0xC004002D

A packet was dropped because its destination IP address is unreachable.

FWX_E_ADDRESS_NOT_ALLOWED

0xC004002E

An attempt to establish a connection by an application filter was rejected because the source address is not in a range that is allowed for the destination address.

FWX_E_IPSEC_NO_ROUTE_DROPPED

0xC004002F

A packet arriving through an IPsec tunnel was rejected because its source address is not expected for the tunnel.

FWX_E_OUTBOUND_PATH_THROUGH_DROPPED

0xC0040030

A packet generated on the local host was rejected because its source IP address is assigned to one network adapter and its destination IP address is reachable through another network adapter.

FWX_E_BAD_TCP_CHECKSUM_DROPPED

0xC0040031

A packet was dropped because verification of its TCP checksum failed.

FWX_E_VPN_USER_MAPPING_FAILED

0xC0040032

An attempt to map a VPN client to a Windows user failed. The client session was disconnected.

FWX_E_RULE_QUOTA_EXCEEDED_DROPPED

0xC0040033

A connection was rejected because the maximum number of connections that can be created for a rule during one second was exceeded.

FWX_E_SEQ_ACK_MISMATCH

0xC0040034

A TCP packet was rejected because it has an invalid sequence number or an invalid acknowledgement number.

WSA_RWS_GRACEFUL_SHUTDOWN or FWX_E_GRACEFUL_SHUTDOWN

0x80074E20

A connection was gracefully closed in an orderly shutdown process with a three-way FIN-initiated handshake.

WSA_RWS_ABORTIVE_SHUTDOWN or FWX_E_ABORTIVE_SHUTDOWN

0x80074E21

A connection was abortively closed after one of the peers sent a RST segment.

WSA_RWS_QUOTA or FWX_E_RULE_QUOTA_EXCEEDED_DROPPED

0x80074E23

A connection was refused because a quota set in a rule was exceeded.

WSA_RWS_CONNECTION_KILLED or FWX_E_CONNECTION_KILLED

0x80074E24

Forefront TMG killed a connection.

WSA_RWS_TIMEOUT or FWX_E_TIMEOUT

0x80074E25

A connection was terminated because it was idle for more than the time-out period, or the time-out on an incomplete action expired.

WSA_RWS_ADMIN_TERMINATE or FWX_E_ADMIN_TERMINATE

0x80074E26

A connection was terminated from Forefront TMG Management during shutdown, or when a VPN client was disconnected.

FWX_E_THREAD_QUOTA_EXCEEDED

0xC0040035

A blocking operation could not be performed because the thread limit for this operation was reached.

FWX_E_DNS_QUOTA_EXCEEDED

0xC0040036

A DNS query could not be performed because the query limit was reached.

FWX_E_TCP_RATE_QUOTA_EXCEEDED_DROPPED

0xC0040037

A connection was rejected because the maximum connections rate for a single client host was exceeded.

FWX_E_TCP_NO_SERVER_REPLY

0xC0040038

A connection was closed because no SYN/ACK reply was received from the server.

FWX_E_POLICY_CONNECTION_CLOSED

0xC0040039

An existing connection was closed because it is no longer allowed by the policy.

FWX_E_NAT_ADDRESS_NOT_AVAILABLE

0xC004003A

A network rule specifies a NAT address, but no local IP address is available for NAT on the server.

FWX_E_IPS_BLOCKED

0xC004003B

The connection was blocked by network inspection system (NIS).

FWX_E_IPS_DETECTED

0xC004003C

The network inspection system (NIS) detected traffic that matches a vulnerability signature.

FWX_E_CONNECTION_QUARANTINED

0xC004003D

The connection was closed because the client was quarantined.

FWX_E_FW_IPSEC_DROPPED

0xC004003E

A packet was dropped due to periodic inconsistency between the IPSec policy and Forefront TMG's snapshot of the IPSec policy.

FWX_E_TRANSITION_DROPPED

0xC004003F

A packet was dropped while adjusting the Forefront TMG behavior to a new IPSec policy.

FWX_E_BOTH_ADRESSES_BELONG_TO_SAME_NETWORK

0xC0040040

Both input addresses belong to the same network.

FWX_E_UNSUPPORTED_IPV6_DROPPED

0xC0040041

A packet was dropped because IPv6 protocol is not supported.

FWX_E_INVALID_ROUTER_ADV

0xC0040042

An invalid IPv6 router advertisement.

FWX_E_IPV6_ROUTING_HEADER

0xC0040043

IPv6 routing header presents.

FWE_E_FAIL_TRANSACT_TO_TRANSITION_TO_IPSEC

0xC0040044

The FW engine failed to apply the IPSec configuration.

FWE_E_FAIL_TRANSACT_TO_IPSEC

0xC0040045

The FW engine entered an invalid state.

FWX_E_UNSUPPORTED_NATPT_DROPPED

0xC0040046

An unsupported NAT-PT packet was dropped.

FWX_E_NIS_LOAD_POLICY_FAILED

0xC0040047

The FW engine failed to process the network inspection system (NIS) signature set.