Export (0) Print
Expand All

Error Codes

The following are the run-time error codes, defined in Wspfwerr.h, that may be returned by the Microsoft Firewall service and may appear as result codes in Forefront TMG logs. Note that error codes with a message identifier equal to or greater than 0xC0040039 are introduced in Forefront TMG.

Symbolic nameHexidecimal IDMessage text
FWX_E_TERMINATING0xC0040001The object is shutting down.
FWX_E_INVALID_ARG0xC0040002The argument is invalid.
FWX_E_ALREADY_IN_BLOCKING_OP0xC0040003The blocking operation is already started.
FWX_E_NOT_IN_BLOCKING_OP0xC0040004There is no blocking operation to be ended.
FWX_E_FILTER_NOT_REGISTERED0xC0040005The filter is not registered.
FWX_E_ALREADY_EXISTS0x800700B7The object cannot be created because an object with the same name already exists.
FWX_E_BUFFERFULL0xC0040007Not all the data was appended to the buffer object because the buffer was full.
FWX_E_ALREADY_EMULATED0xC0040009The connection is already emulated by another filter.
FWX_E_BAD_CONTEXT0xC004000AThe method was not called while handling any of the supported events.
FWX_E_NOT_SUPPORTED0xC004000BModifying this property is not allowed for this session.
FWX_E_NOT_AUTHENTICATED0xC004000CThe action cannot be performed because the session is not authenticated.
FWX_E_POLICY_RULES_DENIED0xC004000DThe policy rules do not allow the user request.
FWX_E_MIME_NEEDED0xC004000EThe MIME type is required.
FWX_E_MUST_USE_DS0xC004000F(Reserved for future use.)
FWX_E_NOT_EMULATED0xC0040010The connection is not emulated.
FWX_E_IS_BUSY0xC0040011A connection was dropped because there are too many pending connection requests.
FWX_E_NETWORK_RULES_DENIED0xC0040012The network rules do not allow the connection requested.
FWX_E_FRAGMENT_PACKET_DROPPED0xC0040013A packet was dropped because it contained an IP fragment that Forefront TMG is configured to block.
FWX_E_FWE_SPOOFING_PACKET_DROPPED0xC0040014A packet was dropped because Forefront TMG determined that the source IP address is spoofed.
FWX_E_TCPIPDROP_PACKET_DROPPED0xC0040015A packet was dropped by the TCP/IP stack.
FWX_E_NO_BACKLOG_PACKET_DROPPED0xC0040016A packet was dropped because the rate of requests for incoming connections was too high.
FWX_E_TCP_NOT_SYN_PACKET_DROPPED0xC0040017A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the Forefront TMG computer.
FWX_E_BAD_LENGTH_PACKET_DROPPED0xC0040018A packet was dropped because its IP length field does not fall within the allowed range or is inconsistent with the actual length.
FWX_E_PING_OF_DEATH_PACKET_DROPPED0xC0040019A packet was dropped because Forefront TMG detected a ping-of-death attack.
FWX_E_OUT_OF_BAND_PACKET_DROPPED0xC004001AA packet was dropped because Forefront TMG detected a Windows out-of-band (WinNuke) attack.
FWX_E_IP_HALF_SCAN_PACKET_DROPPED0xC004001BA packet was dropped because Forefront TMG detected an IP half-scan attack.
FWX_E_LAND_ATTACK_DROPPED0xC004001CA packet was dropped because Forefront TMG detected a land attack.
FWX_E_UDP_BOMB_DROPPED0xC004001DA packet was dropped because Forefront TMG detected a UDP bomb attack.
FWX_E_FULLDENY_DROPPED0xC004001EA packet was dropped because Forefront TMG is operating in lockdown mode. (Note that no logging is performed by Forefront TMG in lockdown mode.)
FWX_E_IPOPTIONS_DROPPED0xC004001FA packet was dropped because its header includes one or more IP options that Forefront TMG is configured to block.
FWX_E_UNCOMPLETED_CONNECTION_REQUEST0xC0040020An attempt to log on to the VPN server was rejected during the authentication phase because the authentication data was not received in a timely manner. The client session was disconnected.
FWX_E_CONNECTION_REQUEST_REJECTED0xC0040021An attempt to log on to the VPN server was rejected during the authentication phase. The client session was disconnected.
FWX_E_VALIDATE_QUARANTINE_FAILED0xC0040022The VPN quarantine settings could not be validated. The client session was disconnected.
FWX_E_VPN_CONNECTIONS_LIMIT_EXCEEDED0xC0040023The VPN client connection limit was exceeded. The client session was disconnected.
FWX_E_OUT_OF_RESOURCES0xC0040024A packet was dropped because there are insufficient resources.
FWX_E_BROADCAST_PACKET_DROPPED0xC0040025A broadcast packet was dropped by the Forefront TMG policy.
FWX_E_UNKNOWN_ADAPTER_DROPPED0xC0040026(Reserved for future use.)
FWX_E_ICMP_ERROR_PACKET_DROPPED0xC0040027(Reserved for future use.)
FWX_E_INVALID_PROTCOL_PACKET_DROPPED0xC0040028A packet was dropped because its header specifies an invalid IP protocol (255) or address (0.0.0.0).
FWX_E_PORT_ZERO_PACKET_DROPPED0xC0040029A packet was dropped because its transport header specifies an invalid port (0).
FWX_E_SYN_ATTACK_START0xC004002AForefront TMG detected a SYN attack.
FWX_E_SYN_ATTACK_END0xC004002BForefront TMG is no longer experiencing a SYN attack.
FWX_E_INVALID_DHCP_OFFER0xC004002CAn invalid DHCP offer was blocked.
FWX_E_UNREACHABLE_ADDRESS0xC004002DA packet was dropped because its destination IP address is unreachable.
FWX_E_ADDRESS_NOT_ALLOWED0xC004002EAn attempt to establish a connection by an application filter was rejected because the source address is not in a range that is allowed for the destination address.
FWX_E_IPSEC_NO_ROUTE_DROPPED0xC004002FA packet arriving through an IPsec tunnel was rejected because its source address is not expected for the tunnel.
FWX_E_OUTBOUND_PATH_THROUGH_DROPPED0xC0040030A packet generated on the local host was rejected because its source IP address is assigned to one network adapter and its destination IP address is reachable through another network adapter.
FWX_E_BAD_TCP_CHECKSUM_DROPPED0xC0040031A packet was dropped because verification of its TCP checksum failed.
FWX_E_VPN_USER_MAPPING_FAILED0xC0040032An attempt to map a VPN client to a Windows user failed. The client session was disconnected.
FWX_E_RULE_QUOTA_EXCEEDED_DROPPED0xC0040033A connection was rejected because the connection limit specifying the maximum number of connections that can be created for a rule during one second was exceeded.
FWX_E_SEQ_ACK_MISMATCH0xC0040034A TCP packet was rejected because it has an invalid sequence number or an invalid acknowledgement number.
FWX_E_THREAD_QUOTA_EXCEEDED0xC0040035A blocking operation could not be performed because the thread limit for this operation was reached.
FWX_E_DNS_QUOTA_EXCEEDED0xC0040036A DNS query could not be performed because the query limit was reached.
FWX_E_TCP_RATE_QUOTA_EXCEEDED_DROPPED0xC0040037A connection was rejected because the connection limit specifying the maximum number of concurrent connections for a single client host was exceeded.
FWX_E_TCP_NO_SERVER_REPLY0xC0040038A connection was closed because no SYN/ACK reply was received from the server.
FWX_E_POLICY_CONNECTION_CLOSED0xC0040039An existing connection was closed because it is no longer allowed by the policy.
FWX_E_NAT_ADDRESS_NOT_AVAILABLE0xC004003AA network rule specifies a NAT relationship, but no local IP address is available for NAT on the server.
FWX_E_IPS_BLOCKED0xC004003BThe connection was blocked by the Network Inspection System (NIS).
FWX_E_IPS_DETECTED0xC004003CThe Network Inspection System (NIS) detected traffic that matches a vulnerability signature.
FWX_E_CONNECTION_QUARANTINED0xC004003DThe connection was closed because the client was quarantined.
FWX_E_FW_IPSEC_DROPPED0xC004003EA packet was dropped due to periodic inconsistency between the IPsec policy and the Forefront TMG's snapshot of the IPSsec policy.
FWX_E_TRANSITION_DROPPED0xC004003FA packet was dropped while adjusting the Forefront TMG behavior to a new IPsec policy.
FWX_E_BOTH_ADRESSES_BELONG_TO_SAME_NETWORK0xC0040040Both input addresses belong to the same network.
FWX_E_UNSUPPORTED_IPV6_DROPPED0xC0040041A packet was dropped because the IPv6 protocol is not supported.
FWX_E_INVALID_ROUTER_ADV0xC0040042An invalid IPv6 router advertisement was detected.
FWX_E_IPV6_ROUTING_HEADER0xC0040043An IPv6 routing header was found.
FWE_E_FAIL_TRANSACT_TO_TRANSITION_TO_IPSEC0xC0040044The firewall engine failed to apply the IPsec configuration.
FWE_E_FAIL_TRANSACT_TO_IPSEC0xC0040045The firewall engine entered an invalid state.

 

The following are additional run-time codes that may be returned by the Firewall service and may appear as result codes in Forefront TMG logs.

Symbolic nameHexidecimal IDDescription
WSA_RWS_GRACEFUL_SHUTDOWN or FWX_E_GRACEFUL_SHUTDOWN0x80074E20A connection was gracefully closed in an orderly shutdown process with a three-way FIN-initiated handshake.
WSA_RWS_ABORTIVE_SHUTDOWN or FWX_E_ABORTIVE_SHUTDOWN0x80074E21A connection was abortively closed after one of the peers sent an RST packet.
WSA_RWS_QUOTA or FWX_E_RULE_QUOTA_EXCEEDED_DROPPED0x80074E23A connection was rejected because the connection limit specifying the maximum number of connections that can be created for a rule during one second was exceeded.
WSA_RWS_CONNECTION_KILLED or FWX_E_CONNECTION_KILLED0x80074E24Forefront TMG closed an established connection before either peer requested to close it. This typically occurs when an application filter detects a protocol violation, such as a malformed HTTP request.
WSA_RWS_TIMEOUT or FWX_E_TIMEOUT0x80074E25A connection was terminated because it was idle for more than the time-out period, or the time-out on an incompleted action expired.
WSA_RWS_ADMIN_TERMINATE or FWX_E_ADMIN_TERMINATE0x80074E26A connetion was terminated from Forefront TMG Management, during shutdown, or when a VPN client was disconnected.

 

 

 

Build date: 7/12/2010

Community Additions

ADD
Show:
© 2014 Microsoft