Export (0) Print
Expand All

SSPI Status Codes

The following status codes are used in SSPI applications and defined in Winerror.h.

Status codeMeaning

SEC_E_ALGORITHM_MISMATCH

The client and server cannot communicate because they do not possess a common algorithm.

SEC_E_BAD_BINDINGS

The SSPI channel bindings supplied by the client are incorrect.

SEC_E_BAD_PKGID

The requested package identifier does not exist.

SEC_E_BUFFER_TOO_SMALL

The buffers supplied to the function are not large enough to contain the information.

SEC_E_CANNOT_INSTALL

The security package cannot initialize successfully and should not be installed.

SEC_E_CANNOT_PACK

The package is unable to pack the context.

SEC_E_CERT_EXPIRED

The received certificate has expired.

SEC_E_CERT_UNKNOWN

An unknown error occurred while processing the certificate.

SEC_E_CERT_WRONG_USAGE

The certificate is not valid for the requested usage.

SEC_E_CONTEXT_EXPIRED

The application is referencing a context that has already been closed. A properly written application should not receive this error.

SEC_E_CROSSREALM_DELEGATION_FAILURE

The server attempted to make a Kerberos-constrained delegation request for a target outside the server's realm.

SEC_E_CRYPTO_SYSTEM_INVALID

The cryptographic system or checksum function is not valid because a required function is unavailable.

SEC_E_DECRYPT_FAILURE

The specified data could not be decrypted.

SEC_E_DELEGATION_REQUIRED

The requested operation cannot be completed. The computer must be trusted for delegation, and the current user account must be configured to allow delegation.

SEC_E_DOWNGRADE_DETECTED

The system detected a possible attempt to compromise security. Verify that the server that authenticated you can be contacted.

SEC_E_ENCRYPT_FAILURE

The specified data could not be encrypted.

SEC_E_ILLEGAL_MESSAGE

The message received was unexpected or badly formatted.

SEC_E_INCOMPLETE_CREDENTIALS

The credentials supplied were not complete and could not be verified. The context could not be initialized.

SEC_E_INCOMPLETE_MESSAGE

The message supplied was incomplete. The signature was not verified.

SEC_E_INSUFFICIENT_MEMORY

Not enough memory is available to complete the request.

SEC_E_INTERNAL_ERROR

An error occurred that did not map to an SSPI error code.

SEC_E_INVALID_HANDLE

The handle passed to the function is not valid.

SEC_E_INVALID_TOKEN

The token passed to the function is not valid.

SEC_E_ISSUING_CA_UNTRUSTED

An untrusted certification authority (CA) was detected while processing the smart card certificate used for authentication.

SEC_E_ISSUING_CA_UNTRUSTED_KDC

An untrusted CA was detected while processing the domain controller certificate used for authentication. The system event log contains additional information.

SEC_E_KDC_CERT_EXPIRED

The domain controller certificate used for smart card logon has expired.

SEC_E_KDC_CERT_REVOKED

The domain controller certificate used for smart card logon has been revoked.

SEC_E_KDC_INVALID_REQUEST

A request that is not valid was sent to the KDC.

SEC_E_KDC_UNABLE_TO_REFER

The KDC was unable to generate a referral for the service requested.

SEC_E_KDC_UNKNOWN_ETYPE

The requested encryption type is not supported by the KDC.

SEC_E_LOGON_DENIED

This status code is obsolete.

SEC_E_MAX_REFERRALS_EXCEEDED

The number of maximum ticket referrals has been exceeded.

SEC_E_MESSAGE_ALTERED

The message supplied for verification has been altered.

SEC_E_MULTIPLE_ACCOUNTS

The received certificate was mapped to multiple accounts.

SEC_E_MUST_BE_KDC

The local computer must be a Kerberos domain controller (KDC), but it is not.

SEC_E_NO_AUTHENTICATING_AUTHORITY

No authority could be contacted for authentication.

SEC_E_NO_CREDENTIALS

No credentials are available.

SEC_E_NO_IMPERSONATION

No impersonation is allowed for this context.

SEC_E_NO_IP_ADDRESSES

Unable to accomplish the requested task because the local computer does not have any IP addresses.

SEC_E_NO_KERB_KEY

No Kerberos key was found.

SEC_E_NO_PA_DATA

Policy administrator (PA) data is needed to determine the encryption type, but cannot be found.

SEC_E_NO_S4U_PROT_SUPPORT

The Kerberos subsystem encountered an error. A service for user protocol request was made against a domain controller which does not support service for a user.

SEC_E_NO_TGT_REPLY

The client is trying to negotiate a context and the server requires a user-to-user connection, but did not send a TGT reply.

SEC_E_NOT_OWNER

The caller of the function does not own the credentials.

SEC_E_NOT_SUPPORTED

The request is not supported.

SEC_E_OK

The operation completed successfully.

SEC_E_OUT_OF_SEQUENCE

The message supplied for verification is out of sequence.

SEC_E_PKINIT_CLIENT_FAILURE

The smart card certificate used for authentication is not trusted.

SEC_E_PKINIT_NAME_MISMATCH

The client certificate does not contain a valid UPN or does not match the client name in the logon request.

SEC_E_QOP_NOT_SUPPORTED

The quality of protection attribute is not supported by this package.

SEC_E_REVOCATION_OFFLINE_C

The revocation status of the smart card certificate used for authentication could not be determined.

SEC_E_REVOCATION_OFFLINE_KDC

The revocation status of the domain controller certificate used for smart card authentication could not be determined. The system event log contains additional information.

SEC_E_SECPKG_NOT_FOUND

The security package was not recognized.

SEC_E_SECURITY_QOS_FAILED

The security context could not be established due to a failure in the requested quality of service (for example, mutual authentication or delegation).

SEC_E_SHUTDOWN_IN_PROGRESS

A system shutdown is in progress.

SEC_E_SMARTCARD_CERT_EXPIRED

The smart card certificate used for authentication has expired.

SEC_E_SMARTCARD_CERT_REVOKED

The smart card certificate used for authentication has been revoked. Additional information may exist in the event log.

SEC_E_SMARTCARD_LOGON_REQUIRED

Smart card logon is required and was not used.

SEC_E_STRONG_CRYPTO_NOT_SUPPORTED

The other end of the security negotiation requires strong cryptography, but it is not supported on the local machine.

SEC_E_TARGET_UNKNOWN

The target was not recognized.

SEC_E_TIME_SKEW

The clocks on the client and server computers do not match.

SEC_E_TOO_MANY_PRINCIPALS

The KDC reply contained more than one principal name.

SEC_E_UNFINISHED_CONTEXT_DELETED

A security context was deleted before the context was completed. This is considered a logon failure.

SEC_E_UNKNOWN_CREDENTIALS

The credentials provided were not recognized.

SEC_E_UNSUPPORTED_FUNCTION

The requested function is not supported.

SEC_E_UNSUPPORTED_PREAUTH

An unsupported preauthentication mechanism was presented to the Kerberos package.

SEC_E_UNTRUSTED_ROOT

The certificate chain was issued by an authority that is not trusted.

SEC_E_WRONG_CREDENTIAL_HANDLE

The supplied credential handle does not match the credential associated with the security context.

SEC_E_WRONG_PRINCIPAL

The target principal name is incorrect.

SEC_I_COMPLETE_AND_CONTINUE

The function completed successfully, but the application must call both CompleteAuthToken and then either InitializeSecurityContext (General) or AcceptSecurityContext (General) again to complete the context.

SEC_I_COMPLETE_NEEDED

The function completed successfully, but you must call the CompleteAuthToken function on the final message.

SEC_I_CONTEXT_EXPIRED

The message sender has finished using the connection and has initiated a shutdown. For information about initiating or recognizing a shutdown, see Shutting Down an Schannel Connection.

SEC_I_CONTINUE_NEEDED

The function completed successfully, but you must call this function again to complete the context.

SEC_I_INCOMPLETE_CREDENTIALS

The credentials supplied were not complete and could not be verified. Additional information can be returned from the context.

SEC_I_LOCAL_LOGON

The logon was completed, but no network authority was available. The logon was made using locally known information.

SEC_I_NO_LSA_CONTEXT

There is no LSA mode context associated with this context.

SEC_I_RENEGOTIATE

The context data must be renegotiated with the peer.

 

 

 

Community Additions

ADD
Show:
© 2014 Microsoft