Training
Learning path
Secure Windows Server on-premises and hybrid infrastructures - Training
Secure Windows Server on-premises and hybrid infrastructures
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
The following status codes are used in SSPI applications and defined in Winerror.h.
Status code | Meaning |
---|---|
SEC_E_ALGORITHM_MISMATCH |
The client and server cannot communicate because they do not possess a common algorithm. |
SEC_E_BAD_BINDINGS |
The SSPI channel bindings supplied by the client are incorrect. |
SEC_E_BAD_PKGID |
The requested package identifier does not exist. |
SEC_E_BUFFER_TOO_SMALL |
The buffers supplied to the function are not large enough to contain the information. |
SEC_E_CANNOT_INSTALL |
The security package cannot initialize successfully and should not be installed. |
SEC_E_CANNOT_PACK |
The package is unable to pack the context. |
SEC_E_CERT_EXPIRED |
The received certificate has expired. |
SEC_E_CERT_UNKNOWN |
An unknown error occurred while processing the certificate. |
SEC_E_CERT_WRONG_USAGE |
The certificate is not valid for the requested usage. |
SEC_E_CONTEXT_EXPIRED |
The application is referencing a context that has already been closed. A properly written application should not receive this error. |
SEC_E_CROSSREALM_DELEGATION_FAILURE |
The server attempted to make a Kerberos-constrained delegation request for a target outside the server's realm. |
SEC_E_CRYPTO_SYSTEM_INVALID |
The cryptographic system or checksum function is not valid because a required function is unavailable. |
SEC_E_DECRYPT_FAILURE |
The specified data could not be decrypted. |
SEC_E_DELEGATION_REQUIRED |
The requested operation cannot be completed. The computer must be trusted for delegation, and the current user account must be configured to allow delegation. |
SEC_E_DOWNGRADE_DETECTED |
The system detected a possible attempt to compromise security. Verify that the server that authenticated you can be contacted. NOTE: This error can be generated simply due to lack of connectivity to a domain controller and may not be indicative of malicious activity. |
SEC_E_ENCRYPT_FAILURE |
The specified data could not be encrypted. |
SEC_E_ILLEGAL_MESSAGE |
The message received was unexpected or badly formatted. |
SEC_E_INCOMPLETE_CREDENTIALS |
The credentials supplied were not complete and could not be verified. The context could not be initialized. |
SEC_E_INCOMPLETE_MESSAGE |
The message supplied was incomplete. The signature was not verified. |
SEC_E_INSUFFICIENT_MEMORY |
Not enough memory is available to complete the request. |
SEC_E_INTERNAL_ERROR |
An error occurred that did not map to an SSPI error code. |
SEC_E_INVALID_HANDLE |
The handle passed to the function is not valid. |
SEC_E_INVALID_TOKEN |
The token passed to the function is not valid. |
SEC_E_ISSUING_CA_UNTRUSTED |
An untrusted certification authority (CA) was detected while processing the smart card certificate used for authentication. |
SEC_E_ISSUING_CA_UNTRUSTED_KDC |
An untrusted CA was detected while processing the domain controller certificate used for authentication. The system event log contains additional information. |
SEC_E_KDC_CERT_EXPIRED |
The domain controller certificate used for smart card logon has expired. |
SEC_E_KDC_CERT_REVOKED |
The domain controller certificate used for smart card logon has been revoked. |
SEC_E_KDC_INVALID_REQUEST |
A request that is not valid was sent to the KDC. |
SEC_E_KDC_UNABLE_TO_REFER |
The KDC was unable to generate a referral for the service requested. |
SEC_E_KDC_UNKNOWN_ETYPE |
The requested encryption type is not supported by the KDC. |
SEC_E_LOGON_DENIED |
This status code is obsolete. |
SEC_E_MAX_REFERRALS_EXCEEDED |
The number of maximum ticket referrals has been exceeded. |
SEC_E_MESSAGE_ALTERED |
The message supplied for verification has been altered. |
SEC_E_MULTIPLE_ACCOUNTS |
The received certificate was mapped to multiple accounts. |
SEC_E_MUST_BE_KDC |
The local computer must be a Kerberos domain controller (KDC), but it is not. |
SEC_E_NO_AUTHENTICATING_AUTHORITY |
No authority could be contacted for authentication. |
SEC_E_NO_CREDENTIALS |
No credentials are available. |
SEC_E_NO_IMPERSONATION |
No impersonation is allowed for this context. |
SEC_E_NO_IP_ADDRESSES |
Unable to accomplish the requested task because the local computer does not have any IP addresses. |
SEC_E_NO_KERB_KEY |
No Kerberos key was found. |
SEC_E_NO_PA_DATA |
Policy administrator (PA) data is needed to determine the encryption type, but cannot be found. |
SEC_E_NO_S4U_PROT_SUPPORT |
The Kerberos subsystem encountered an error. A service for user protocol request was made against a domain controller which does not support service for a user. |
SEC_E_NO_TGT_REPLY |
The client is trying to negotiate a context and the server requires a user-to-user connection, but did not send a TGT reply. |
SEC_E_NOT_OWNER |
The caller of the function does not own the credentials. |
SEC_E_NOT_SUPPORTED |
The request is not supported. |
SEC_E_OK |
The operation completed successfully. |
SEC_E_OUT_OF_SEQUENCE |
The message supplied for verification is out of sequence. |
SEC_E_PKINIT_CLIENT_FAILURE |
The smart card certificate used for authentication is not trusted. |
SEC_E_PKINIT_NAME_MISMATCH |
The client certificate does not contain a valid UPN or does not match the client name in the logon request. |
SEC_E_QOP_NOT_SUPPORTED |
The quality of protection attribute is not supported by this package. |
SEC_E_REVOCATION_OFFLINE_C |
The revocation status of the smart card certificate used for authentication could not be determined. |
SEC_E_REVOCATION_OFFLINE_KDC |
The revocation status of the domain controller certificate used for smart card authentication could not be determined. The system event log contains additional information. |
SEC_E_SECPKG_NOT_FOUND |
The security package was not recognized. |
SEC_E_SECURITY_QOS_FAILED |
The security context could not be established due to a failure in the requested quality of service (for example, mutual authentication or delegation). |
SEC_E_SHUTDOWN_IN_PROGRESS |
A system shutdown is in progress. |
SEC_E_SMARTCARD_CERT_EXPIRED |
The smart card certificate used for authentication has expired. |
SEC_E_SMARTCARD_CERT_REVOKED |
The smart card certificate used for authentication has been revoked. Additional information may exist in the event log. |
SEC_E_SMARTCARD_LOGON_REQUIRED |
Smart card logon is required and was not used. |
SEC_E_STRONG_CRYPTO_NOT_SUPPORTED |
The other end of the security negotiation requires strong cryptography, but it is not supported on the local machine. |
SEC_E_TARGET_UNKNOWN |
The target was not recognized. |
SEC_E_TIME_SKEW |
The clocks on the client and server computers do not match. |
SEC_E_TOO_MANY_PRINCIPALS |
The KDC reply contained more than one principal name. |
SEC_E_UNFINISHED_CONTEXT_DELETED |
A security context was deleted before the context was completed. This is considered a logon failure. |
SEC_E_UNKNOWN_CREDENTIALS |
The credentials provided were not recognized. |
SEC_E_UNSUPPORTED_FUNCTION |
The requested function is not supported. |
SEC_E_UNSUPPORTED_PREAUTH |
An unsupported preauthentication mechanism was presented to the Kerberos package. |
SEC_E_UNTRUSTED_ROOT |
The certificate chain was issued by an authority that is not trusted. |
SEC_E_WRONG_CREDENTIAL_HANDLE |
The supplied credential handle does not match the credential associated with the security context. |
SEC_E_WRONG_PRINCIPAL |
The target principal name is incorrect. |
SEC_I_COMPLETE_AND_CONTINUE |
The function completed successfully, but the application must call both CompleteAuthToken and then either InitializeSecurityContext (General) or AcceptSecurityContext (General) again to complete the context. |
SEC_I_COMPLETE_NEEDED |
The function completed successfully, but you must call the CompleteAuthToken function on the final message. |
SEC_I_CONTEXT_EXPIRED |
The message sender has finished using the connection and has initiated a shutdown. For information about initiating or recognizing a shutdown, see Shutting Down an Schannel Connection. |
SEC_I_CONTINUE_NEEDED |
The function completed successfully, but you must call this function again to complete the context. |
SEC_I_INCOMPLETE_CREDENTIALS |
The credentials supplied were not complete and could not be verified. Additional information can be returned from the context. |
SEC_I_LOCAL_LOGON |
The logon was completed, but no network authority was available. The logon was made using locally known information. |
SEC_I_NO_LSA_CONTEXT |
There is no LSA mode context associated with this context. |
SEC_I_RENEGOTIATE |
The context data must be renegotiated with the peer. |
Training
Learning path
Secure Windows Server on-premises and hybrid infrastructures - Training
Secure Windows Server on-premises and hybrid infrastructures