Share via


Error Codes

The following are the run-time error codes, defined in Wspfwerr.h, that may be returned by the Microsoft Firewall service and may appear as result codes in Forefront TMG logs. Note that error codes with a message identifier equal to or greater than 0xC0040039 are introduced in Forefront TMG.

Symbolic name Hexidecimal ID Message text
FWX_E_TERMINATING 0xC0040001 The object is shutting down.
FWX_E_INVALID_ARG 0xC0040002 The argument is invalid.
FWX_E_ALREADY_IN_BLOCKING_OP 0xC0040003 The blocking operation is already started.
FWX_E_NOT_IN_BLOCKING_OP 0xC0040004 There is no blocking operation to be ended.
FWX_E_FILTER_NOT_REGISTERED 0xC0040005 The filter is not registered.
FWX_E_ALREADY_EXISTS 0x800700B7 The object cannot be created because an object with the same name already exists.
FWX_E_BUFFERFULL 0xC0040007 Not all the data was appended to the buffer object because the buffer was full.
FWX_E_ALREADY_EMULATED 0xC0040009 The connection is already emulated by another filter.
FWX_E_BAD_CONTEXT 0xC004000A The method was not called while handling any of the supported events.
FWX_E_NOT_SUPPORTED 0xC004000B Modifying this property is not allowed for this session.
FWX_E_NOT_AUTHENTICATED 0xC004000C The action cannot be performed because the session is not authenticated.
FWX_E_POLICY_RULES_DENIED 0xC004000D The policy rules do not allow the user request.
FWX_E_MIME_NEEDED 0xC004000E The MIME type is required.
FWX_E_MUST_USE_DS 0xC004000F (Reserved for future use.)
FWX_E_NOT_EMULATED 0xC0040010 The connection is not emulated.
FWX_E_IS_BUSY 0xC0040011 A connection was dropped because there are too many pending connection requests.
FWX_E_NETWORK_RULES_DENIED 0xC0040012 The network rules do not allow the connection requested.
FWX_E_FRAGMENT_PACKET_DROPPED 0xC0040013 A packet was dropped because it contained an IP fragment that Forefront TMG is configured to block.
FWX_E_FWE_SPOOFING_PACKET_DROPPED 0xC0040014 A packet was dropped because Forefront TMG determined that the source IP address is spoofed.
FWX_E_TCPIPDROP_PACKET_DROPPED 0xC0040015 A packet was dropped by the TCP/IP stack.
FWX_E_NO_BACKLOG_PACKET_DROPPED 0xC0040016 A packet was dropped because the rate of requests for incoming connections was too high.
FWX_E_TCP_NOT_SYN_PACKET_DROPPED 0xC0040017 A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the Forefront TMG computer.
FWX_E_BAD_LENGTH_PACKET_DROPPED 0xC0040018 A packet was dropped because its IP length field does not fall within the allowed range or is inconsistent with the actual length.
FWX_E_PING_OF_DEATH_PACKET_DROPPED 0xC0040019 A packet was dropped because Forefront TMG detected a ping-of-death attack.
FWX_E_OUT_OF_BAND_PACKET_DROPPED 0xC004001A A packet was dropped because Forefront TMG detected a Windows out-of-band (WinNuke) attack.
FWX_E_IP_HALF_SCAN_PACKET_DROPPED 0xC004001B A packet was dropped because Forefront TMG detected an IP half-scan attack.
FWX_E_LAND_ATTACK_DROPPED 0xC004001C A packet was dropped because Forefront TMG detected a land attack.
FWX_E_UDP_BOMB_DROPPED 0xC004001D A packet was dropped because Forefront TMG detected a UDP bomb attack.
FWX_E_FULLDENY_DROPPED 0xC004001E A packet was dropped because Forefront TMG is operating in lockdown mode. (Note that no logging is performed by Forefront TMG in lockdown mode.)
FWX_E_IPOPTIONS_DROPPED 0xC004001F A packet was dropped because its header includes one or more IP options that Forefront TMG is configured to block.
FWX_E_UNCOMPLETED_CONNECTION_REQUEST 0xC0040020 An attempt to log on to the VPN server was rejected during the authentication phase because the authentication data was not received in a timely manner. The client session was disconnected.
FWX_E_CONNECTION_REQUEST_REJECTED 0xC0040021 An attempt to log on to the VPN server was rejected during the authentication phase. The client session was disconnected.
FWX_E_VALIDATE_QUARANTINE_FAILED 0xC0040022 The VPN quarantine settings could not be validated. The client session was disconnected.
FWX_E_VPN_CONNECTIONS_LIMIT_EXCEEDED 0xC0040023 The VPN client connection limit was exceeded. The client session was disconnected.
FWX_E_OUT_OF_RESOURCES 0xC0040024 A packet was dropped because there are insufficient resources.
FWX_E_BROADCAST_PACKET_DROPPED 0xC0040025 A broadcast packet was dropped by the Forefront TMG policy.
FWX_E_UNKNOWN_ADAPTER_DROPPED 0xC0040026 (Reserved for future use.)
FWX_E_ICMP_ERROR_PACKET_DROPPED 0xC0040027 (Reserved for future use.)
FWX_E_INVALID_PROTCOL_PACKET_DROPPED 0xC0040028 A packet was dropped because its header specifies an invalid IP protocol (255) or address (0.0.0.0).
FWX_E_PORT_ZERO_PACKET_DROPPED 0xC0040029 A packet was dropped because its transport header specifies an invalid port (0).
FWX_E_SYN_ATTACK_START 0xC004002A Forefront TMG detected a SYN attack.
FWX_E_SYN_ATTACK_END 0xC004002B Forefront TMG is no longer experiencing a SYN attack.
FWX_E_INVALID_DHCP_OFFER 0xC004002C An invalid DHCP offer was blocked.
FWX_E_UNREACHABLE_ADDRESS 0xC004002D A packet was dropped because its destination IP address is unreachable.
FWX_E_ADDRESS_NOT_ALLOWED 0xC004002E An attempt to establish a connection by an application filter was rejected because the source address is not in a range that is allowed for the destination address.
FWX_E_IPSEC_NO_ROUTE_DROPPED 0xC004002F A packet arriving through an IPsec tunnel was rejected because its source address is not expected for the tunnel.
FWX_E_OUTBOUND_PATH_THROUGH_DROPPED 0xC0040030 A packet generated on the local host was rejected because its source IP address is assigned to one network adapter and its destination IP address is reachable through another network adapter.
FWX_E_BAD_TCP_CHECKSUM_DROPPED 0xC0040031 A packet was dropped because verification of its TCP checksum failed.
FWX_E_VPN_USER_MAPPING_FAILED 0xC0040032 An attempt to map a VPN client to a Windows user failed. The client session was disconnected.
FWX_E_RULE_QUOTA_EXCEEDED_DROPPED 0xC0040033 A connection was rejected because the connection limit specifying the maximum number of connections that can be created for a rule during one second was exceeded.
FWX_E_SEQ_ACK_MISMATCH 0xC0040034 A TCP packet was rejected because it has an invalid sequence number or an invalid acknowledgement number.
FWX_E_THREAD_QUOTA_EXCEEDED 0xC0040035 A blocking operation could not be performed because the thread limit for this operation was reached.
FWX_E_DNS_QUOTA_EXCEEDED 0xC0040036 A DNS query could not be performed because the query limit was reached.
FWX_E_TCP_RATE_QUOTA_EXCEEDED_DROPPED 0xC0040037 A connection was rejected because the connection limit specifying the maximum number of concurrent connections for a single client host was exceeded.
FWX_E_TCP_NO_SERVER_REPLY 0xC0040038 A connection was closed because no SYN/ACK reply was received from the server.
FWX_E_POLICY_CONNECTION_CLOSED 0xC0040039 An existing connection was closed because it is no longer allowed by the policy.
FWX_E_NAT_ADDRESS_NOT_AVAILABLE 0xC004003A A network rule specifies a NAT relationship, but no local IP address is available for NAT on the server.
FWX_E_IPS_BLOCKED 0xC004003B The connection was blocked by the Network Inspection System (NIS).
FWX_E_IPS_DETECTED 0xC004003C The Network Inspection System (NIS) detected traffic that matches a vulnerability signature.
FWX_E_CONNECTION_QUARANTINED 0xC004003D The connection was closed because the client was quarantined.
FWX_E_FW_IPSEC_DROPPED 0xC004003E A packet was dropped due to periodic inconsistency between the IPsec policy and the Forefront TMG's snapshot of the IPSsec policy.
FWX_E_TRANSITION_DROPPED 0xC004003F A packet was dropped while adjusting the Forefront TMG behavior to a new IPsec policy.
FWX_E_BOTH_ADRESSES_BELONG_TO_SAME_NETWORK 0xC0040040 Both input addresses belong to the same network.
FWX_E_UNSUPPORTED_IPV6_DROPPED 0xC0040041 A packet was dropped because the IPv6 protocol is not supported.
FWX_E_INVALID_ROUTER_ADV 0xC0040042 An invalid IPv6 router advertisement was detected.
FWX_E_IPV6_ROUTING_HEADER 0xC0040043 An IPv6 routing header was found.
FWE_E_FAIL_TRANSACT_TO_TRANSITION_TO_IPSEC 0xC0040044 The firewall engine failed to apply the IPsec configuration.
FWE_E_FAIL_TRANSACT_TO_IPSEC 0xC0040045 The firewall engine entered an invalid state.

 

The following are additional run-time codes that may be returned by the Firewall service and may appear as result codes in Forefront TMG logs.

Symbolic name Hexidecimal ID Description
WSA_RWS_GRACEFUL_SHUTDOWN or FWX_E_GRACEFUL_SHUTDOWN 0x80074E20 A connection was gracefully closed in an orderly shutdown process with a three-way FIN-initiated handshake.
WSA_RWS_ABORTIVE_SHUTDOWN or FWX_E_ABORTIVE_SHUTDOWN 0x80074E21 A connection was abortively closed after one of the peers sent an RST packet.
WSA_RWS_QUOTA or FWX_E_RULE_QUOTA_EXCEEDED_DROPPED 0x80074E23 A connection was rejected because the connection limit specifying the maximum number of connections that can be created for a rule during one second was exceeded.
WSA_RWS_CONNECTION_KILLED or FWX_E_CONNECTION_KILLED 0x80074E24 Forefront TMG closed an established connection before either peer requested to close it. This typically occurs when an application filter detects a protocol violation, such as a malformed HTTP request.
WSA_RWS_TIMEOUT or FWX_E_TIMEOUT 0x80074E25 A connection was terminated because it was idle for more than the time-out period, or the time-out on an incompleted action expired.
WSA_RWS_ADMIN_TERMINATE or FWX_E_ADMIN_TERMINATE 0x80074E26 A connetion was terminated from Forefront TMG Management, during shutdown, or when a VPN client was disconnected.

 

 

 

Build date: 7/12/2010