Share via


NPS Reason Codes 283 Through 303

Applies To: Windows Server 2008, Windows Server 2008 R2

Network Policy Server (NPS) provides reason codes to identify changes, problems, and status via events in Event Viewer while NPS is running. You can use the following reason code definitions to look up reason codes and clarify their meaning.

Note

There are intentional gaps in the numeric sequence of reason codes. For example, the reason codes 38 and 48 exist, but there are currently no reason codes that correspond to the numbers 39 through 47.

Following are some of the reason codes provided by NPS.

Reason code Description

283

Authentication failed. The certificate does not contain the Client Authentication purpose in Application Policies extensions, and cannot be used for authentication.

284

Authentication failed. The certificate is not valid because the certificate issuer and the parent of the certificate in the certificate chain are required to match but do not match.

285

Authentication failed. NPS cannot locate the certificate, or the certificate is incorrectly formed and is missing important information.

286

Authentication failed. The certificate provided by the connecting user or computer is issued by a certification authority (CA) that is not trusted by the NPS server.

287

Authentication failed. The certificate provided by the connecting user or computer does not chain to an enterprise root CA that NPS trusts.

288

Authentication failed due to an unspecified trust failure.

289

Authentication failed. The certificate provided by the connecting user or computer is revoked and is not valid.

290

Authentication failed. A test or trial certificate is in use, however the test root CA is not trusted, according to local or domain policy settings.

291

Authentication failed because NPS cannot locate and access the certificate revocation list to verify whether the certificate has or has not been revoked. This issue can occur if the revocation server is not available or if the certificate revocation list cannot be located in the revocation server database.

292

Authentication failed. The value of the User-Name attribute in the connection request does not match the value of the common name (CN) property in the certificate.

293

Authentication failed. The certificate provided by the connecting user or computer is not valid because it is not configured with the Client Authentication purpose in Application Policies or Enhanced Key Usage (EKU) extensions. NPS rejected the connection request for this reason.

294

Authentication failed because the certificate was explicitly marked as untrusted by the Administrator. Certificates are designated as untrusted when they are imported into the Untrusted Certificates folder in the certificate store for the Current User or Local Computer in the Certificates Microsoft Management Console (MMC) snap-in.

295

Authentication failed. The certificate provided by the connecting user or computer is issued by a CA that is not trusted by the NPS server.

296

Authentication failed. The certificate provided by the connecting user or computer is not valid because it is not configured with the Client Authentication purpose in Application Policies or Enhanced Key Usage (EKU) extensions. NPS rejected the connection request for this reason.

297

Authentication failed. The certificate provided by the connecting user or computer is not valid because it does not have a valid name.

298

Authentication failed. Either the certificate does not contain a valid user principal name (UPN) or the value of the User-Name attribute in the connection request does not match the certificate.

299

Authentication failed. The sequence of information provided by internal components or protocols during message verification is incorrect.

300

Authentication failed. The certificate is malformed and Extensible Authentication Protocl (EAP) cannot locate credential information in the certificate.

301

NPS terminated the authentication process. NPS received a cryptobinding type length value (TLV) from the access client that is not valid. This issue occurs when an attempt to breach your network security has occurred and a man-in-the-middle (MITM) attack is in progress. During MITM attacks on your network, attackers use unauthorized computers to intercept traffic between your legitimate hosts while posing as one of the legitimate hosts. The attacker's computer attempts to gain data from your other network resources. This enables the attacker to use the unauthorized computer to intercept, decrypt, and access all network traffic that would otherwise go to one of your legitimate network resources.

302

NPS terminated the authentication process. NPS did not receive a required cryptobinding type length value (TLV) from the access client during the authentication process.