Extended Error Information
Some security packages support extended error messages that allow the sides of a communication link to communicate any reasons for a failure. For example, the Kerberos protocol could fail because of a time discrepancy between the time of request for a Kerberos ticket and the ticket's time of issue. With information from returned extended error information, a client can resynchronize its clock and generate a new connection message.
A security package setting the SECPKG_FLAG_EXTENDED_ERROR flag in the fCapabilities member of a SecPkgInfo structure indicates that the security package supports extended error messages.
Client applications requiring extended error messages specify the ISC_REQ_EXTENDED_ERROR flag when calling the InitializeSecurityContext (General) function. Server applications requiring extended error messages set the ASC_REQ_EXTENDED_ERROR flag when calling AcceptSecurityContext (General).