Error Codes
The following are the run-time error codes, defined in Wspfwerr.h, that may be returned by the Microsoft Firewall service and may appear as result codes in Forefront TMG logs. Note that error codes with a message identifier equal to or greater than 0xC0040039 are introduced in Forefront TMG.
| Symbolic name | Hexidecimal ID | Message text |
|---|---|---|
| FWX_E_TERMINATING | 0xC0040001 | The object is shutting down. |
| FWX_E_INVALID_ARG | 0xC0040002 | The argument is invalid. |
| FWX_E_ALREADY_IN_BLOCKING_OP | 0xC0040003 | The blocking operation is already started. |
| FWX_E_NOT_IN_BLOCKING_OP | 0xC0040004 | There is no blocking operation to be ended. |
| FWX_E_FILTER_NOT_REGISTERED | 0xC0040005 | The filter is not registered. |
| FWX_E_ALREADY_EXISTS | 0x800700B7 | The object cannot be created because an object with the same name already exists. |
| FWX_E_BUFFERFULL | 0xC0040007 | Not all the data was appended to the buffer object because the buffer was full. |
| FWX_E_ALREADY_EMULATED | 0xC0040009 | The connection is already emulated by another filter. |
| FWX_E_BAD_CONTEXT | 0xC004000A | The method was not called while handling any of the supported events. |
| FWX_E_NOT_SUPPORTED | 0xC004000B | Modifying this property is not allowed for this session. |
| FWX_E_NOT_AUTHENTICATED | 0xC004000C | The action cannot be performed because the session is not authenticated. |
| FWX_E_POLICY_RULES_DENIED | 0xC004000D | The policy rules do not allow the user request. |
| FWX_E_MIME_NEEDED | 0xC004000E | The MIME type is required. |
| FWX_E_MUST_USE_DS | 0xC004000F | (Reserved for future use.) |
| FWX_E_NOT_EMULATED | 0xC0040010 | The connection is not emulated. |
| FWX_E_IS_BUSY | 0xC0040011 | A connection was dropped because there are too many pending connection requests. |
| FWX_E_NETWORK_RULES_DENIED | 0xC0040012 | The network rules do not allow the connection requested. |
| FWX_E_FRAGMENT_PACKET_DROPPED | 0xC0040013 | A packet was dropped because it contained an IP fragment that Forefront TMG is configured to block. |
| FWX_E_FWE_SPOOFING_PACKET_DROPPED | 0xC0040014 | A packet was dropped because Forefront TMG determined that the source IP address is spoofed. |
| FWX_E_TCPIPDROP_PACKET_DROPPED | 0xC0040015 | A packet was dropped by the TCP/IP stack. |
| FWX_E_NO_BACKLOG_PACKET_DROPPED | 0xC0040016 | A packet was dropped because the rate of requests for incoming connections was too high. |
| FWX_E_TCP_NOT_SYN_PACKET_DROPPED | 0xC0040017 | A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the Forefront TMG computer. |
| FWX_E_BAD_LENGTH_PACKET_DROPPED | 0xC0040018 | A packet was dropped because its IP length field does not fall within the allowed range or is inconsistent with the actual length. |
| FWX_E_PING_OF_DEATH_PACKET_DROPPED | 0xC0040019 | A packet was dropped because Forefront TMG detected a ping-of-death attack. |
| FWX_E_OUT_OF_BAND_PACKET_DROPPED | 0xC004001A | A packet was dropped because Forefront TMG detected a Windows out-of-band (WinNuke) attack. |
| FWX_E_IP_HALF_SCAN_PACKET_DROPPED | 0xC004001B | A packet was dropped because Forefront TMG detected an IP half-scan attack. |
| FWX_E_LAND_ATTACK_DROPPED | 0xC004001C | A packet was dropped because Forefront TMG detected a land attack. |
| FWX_E_UDP_BOMB_DROPPED | 0xC004001D | A packet was dropped because Forefront TMG detected a UDP bomb attack. |
| FWX_E_FULLDENY_DROPPED | 0xC004001E | A packet was dropped because Forefront TMG is operating in lockdown mode. (Note that no logging is performed by Forefront TMG in lockdown mode.) |
| FWX_E_IPOPTIONS_DROPPED | 0xC004001F | A packet was dropped because its header includes one or more IP options that Forefront TMG is configured to block. |
| FWX_E_UNCOMPLETED_CONNECTION_REQUEST | 0xC0040020 | An attempt to log on to the VPN server was rejected during the authentication phase because the authentication data was not received in a timely manner. The client session was disconnected. |
| FWX_E_CONNECTION_REQUEST_REJECTED | 0xC0040021 | An attempt to log on to the VPN server was rejected during the authentication phase. The client session was disconnected. |
| FWX_E_VALIDATE_QUARANTINE_FAILED | 0xC0040022 | The VPN quarantine settings could not be validated. The client session was disconnected. |
| FWX_E_VPN_CONNECTIONS_LIMIT_EXCEEDED | 0xC0040023 | The VPN client connection limit was exceeded. The client session was disconnected. |
| FWX_E_OUT_OF_RESOURCES | 0xC0040024 | A packet was dropped because there are insufficient resources. |
| FWX_E_BROADCAST_PACKET_DROPPED | 0xC0040025 | A broadcast packet was dropped by the Forefront TMG policy. |
| FWX_E_UNKNOWN_ADAPTER_DROPPED | 0xC0040026 | (Reserved for future use.) |
| FWX_E_ICMP_ERROR_PACKET_DROPPED | 0xC0040027 | (Reserved for future use.) |
| FWX_E_INVALID_PROTCOL_PACKET_DROPPED | 0xC0040028 | A packet was dropped because its header specifies an invalid IP protocol (255) or address (0.0.0.0). |
| FWX_E_PORT_ZERO_PACKET_DROPPED | 0xC0040029 | A packet was dropped because its transport header specifies an invalid port (0). |
| FWX_E_SYN_ATTACK_START | 0xC004002A | Forefront TMG detected a SYN attack. |
| FWX_E_SYN_ATTACK_END | 0xC004002B | Forefront TMG is no longer experiencing a SYN attack. |
| FWX_E_INVALID_DHCP_OFFER | 0xC004002C | An invalid DHCP offer was blocked. |
| FWX_E_UNREACHABLE_ADDRESS | 0xC004002D | A packet was dropped because its destination IP address is unreachable. |
| FWX_E_ADDRESS_NOT_ALLOWED | 0xC004002E | An attempt to establish a connection by an application filter was rejected because the source address is not in a range that is allowed for the destination address. |
| FWX_E_IPSEC_NO_ROUTE_DROPPED | 0xC004002F | A packet arriving through an IPsec tunnel was rejected because its source address is not expected for the tunnel. |
| FWX_E_OUTBOUND_PATH_THROUGH_DROPPED | 0xC0040030 | A packet generated on the local host was rejected because its source IP address is assigned to one network adapter and its destination IP address is reachable through another network adapter. |
| FWX_E_BAD_TCP_CHECKSUM_DROPPED | 0xC0040031 | A packet was dropped because verification of its TCP checksum failed. |
| FWX_E_VPN_USER_MAPPING_FAILED | 0xC0040032 | An attempt to map a VPN client to a Windows user failed. The client session was disconnected. |
| FWX_E_RULE_QUOTA_EXCEEDED_DROPPED | 0xC0040033 | A connection was rejected because the connection limit specifying the maximum number of connections that can be created for a rule during one second was exceeded. |
| FWX_E_SEQ_ACK_MISMATCH | 0xC0040034 | A TCP packet was rejected because it has an invalid sequence number or an invalid acknowledgement number. |
| FWX_E_THREAD_QUOTA_EXCEEDED | 0xC0040035 | A blocking operation could not be performed because the thread limit for this operation was reached. |
| FWX_E_DNS_QUOTA_EXCEEDED | 0xC0040036 | A DNS query could not be performed because the query limit was reached. |
| FWX_E_TCP_RATE_QUOTA_EXCEEDED_DROPPED | 0xC0040037 | A connection was rejected because the connection limit specifying the maximum number of concurrent connections for a single client host was exceeded. |
| FWX_E_TCP_NO_SERVER_REPLY | 0xC0040038 | A connection was closed because no SYN/ACK reply was received from the server. |
| FWX_E_POLICY_CONNECTION_CLOSED | 0xC0040039 | An existing connection was closed because it is no longer allowed by the policy. |
| FWX_E_NAT_ADDRESS_NOT_AVAILABLE | 0xC004003A | A network rule specifies a NAT relationship, but no local IP address is available for NAT on the server. |
| FWX_E_IPS_BLOCKED | 0xC004003B | The connection was blocked by the Network Inspection System (NIS). |
| FWX_E_IPS_DETECTED | 0xC004003C | The Network Inspection System (NIS) detected traffic that matches a vulnerability signature. |
| FWX_E_CONNECTION_QUARANTINED | 0xC004003D | The connection was closed because the client was quarantined. |
| FWX_E_FW_IPSEC_DROPPED | 0xC004003E | A packet was dropped due to periodic inconsistency between the IPsec policy and the Forefront TMG's snapshot of the IPSsec policy. |
| FWX_E_TRANSITION_DROPPED | 0xC004003F | A packet was dropped while adjusting the Forefront TMG behavior to a new IPsec policy. |
| FWX_E_BOTH_ADRESSES_BELONG_TO_SAME_NETWORK | 0xC0040040 | Both input addresses belong to the same network. |
| FWX_E_UNSUPPORTED_IPV6_DROPPED | 0xC0040041 | A packet was dropped because the IPv6 protocol is not supported. |
| FWX_E_INVALID_ROUTER_ADV | 0xC0040042 | An invalid IPv6 router advertisement was detected. |
| FWX_E_IPV6_ROUTING_HEADER | 0xC0040043 | An IPv6 routing header was found. |
| FWE_E_FAIL_TRANSACT_TO_TRANSITION_TO_IPSEC | 0xC0040044 | The firewall engine failed to apply the IPsec configuration. |
| FWE_E_FAIL_TRANSACT_TO_IPSEC | 0xC0040045 | The firewall engine entered an invalid state. |
The following are additional run-time codes that may be returned by the Firewall service and may appear as result codes in Forefront TMG logs.
| Symbolic name | Hexidecimal ID | Description |
|---|---|---|
| WSA_RWS_GRACEFUL_SHUTDOWN or FWX_E_GRACEFUL_SHUTDOWN | 0x80074E20 | A connection was gracefully closed in an orderly shutdown process with a three-way FIN-initiated handshake. |
| WSA_RWS_ABORTIVE_SHUTDOWN or FWX_E_ABORTIVE_SHUTDOWN | 0x80074E21 | A connection was abortively closed after one of the peers sent an RST packet. |
| WSA_RWS_QUOTA or FWX_E_RULE_QUOTA_EXCEEDED_DROPPED | 0x80074E23 | A connection was rejected because the connection limit specifying the maximum number of connections that can be created for a rule during one second was exceeded. |
| WSA_RWS_CONNECTION_KILLED or FWX_E_CONNECTION_KILLED | 0x80074E24 | Forefront TMG closed an established connection before either peer requested to close it. This typically occurs when an application filter detects a protocol violation, such as a malformed HTTP request. |
| WSA_RWS_TIMEOUT or FWX_E_TIMEOUT | 0x80074E25 | A connection was terminated because it was idle for more than the time-out period, or the time-out on an incompleted action expired. |
| WSA_RWS_ADMIN_TERMINATE or FWX_E_ADMIN_TERMINATE | 0x80074E26 | A connetion was terminated from Forefront TMG Management, during shutdown, or when a VPN client was disconnected. |
Build date: 7/12/2010