Values:
00: IAS_SUCCESS
01: IAS_INTERNAL_ERROR
02: IAS_ACCESS_DENIED
03: IAS_MALFORMED_REQUEST
04: IAS_GLOBAL_CATALOG_UNAVAILABLE
05: IAS_DOMAIN_UNAVAILABLE
06: IAS_SERVER_UNAVAILABLE
07: IAS_NO_SUCH_DOMAIN
08: IAS_NO_SUCH_USER
09: The request was discarded by a third-party extension DLL file.
10: A third-party extension DLL has failed and cannot perform its function.
16: IAS_AUTH_FAILURE
17: IAS_CHANGE_PASSWORD_FAILURE
18: IAS_UNSUPPORTED_AUTH_TYPE
19: No reversibly encrypted password is stored for the user account.
20: LAN Manager Authentication is not enabled.
21: An IAS extension dynamic link library (DLL) that is installed on the NPS server rejected the connection request.
22: The client could not be authenticated because the EAP type cannot be processed by the server.
23: Unexpected error. Possible error in server or client configuration.
32: IAS_LOCAL_USERS_ONLY
33: IAS_PASSWORD_MUST_CHANGE
34: IAS_ACCOUNT_DISABLED
35: IAS_ACCOUNT_EXPIRED
36: IAS_ACCOUNT_LOCKED_OUT
37: IAS_INVALID_LOGON_HOURS
38: IAS_ACCOUNT_RESTRICTION
48: IAS_NO_POLICY_MATCH
49: Did not match connection request policy
64: IAS_DIALIN_LOCKED_OUT
65: IAS_DIALIN_DISABLED
66: IAS_INVALID_AUTH_TYPE
67: IAS_INVALID_CALLING_STATION
68: IAS_INVALID_DIALIN_HOURS
69: IAS_INVALID_CALLED_STATION
70: IAS_INVALID_PORT_TYPE
71: IAS_INVALID_RESTRICTION
72: The user cannot change his or her password because the change password option is not enabled for the matching remote access policy.
73: The Enhanced Key Usage (EKU) extensions section of the user or computer certificate is not valid or is missing.
80: IAS_NO_RECORD
96: IAS_SESSION_TIMEOUT
97: IAS_UNEXPECTED_REQUEST
112: The remote RADIUS server did not process the authentication request.
113: The local NPS proxy attempted to forward a connection request to a member of a remote RADIUS server group that does not exist.
115: The local NPS proxy did not forward a RADIUS message because it is not an accounting request or a connection request.
116: The local NPS proxy server cannot forward the connection request to the remote RADIUS server because either the proxy cannot open a Windows socket over which to send the connection request, or the proxy server attempted to send the connection request but received Windows sockets errors that prevented successful completion of the send operation.
117: The remote RADIUS (Remote Authentication Dial-In User Service) server did not respond.
118: The local NPS proxy server received a RADIUS message that is malformed from a remote RADIUS server, and the message is unreadable.
256: The certificate provided by the user or computer as proof of their identity is a revoked certificate. Because of this, the user or computer was not authenticated, and NPS rejected the connection request.
257: Due to a missing dynamic link library (DLL) or exported function, NPS cannot access the certificate revocation list to verify whether the user or client computer certificate is valid or is revoked.
258: The revocation function was unable to check revocation for the certificate.
259: The certification authority that manages the certificate revocation list is not available. NPS cannot verify whether the certificate is valid or is revoked. Because of this, authentication failed.
260: The message supplied for verification has been altered.
261: NPS cannot contact Active Directory Domain Services (AD DS) or the local user accounts database to perform authentication and authorization. The connection request is denied for this reason.
262: The supplied message is incomplete. The signature was not verified.
263: NPS did not receive complete credentials from the user or computer. The connection request is denied for this reason.
264: The Security Support Provider Interface (SSPI) called by EAP reports that the system clocks on the NPS server and the access client are not synchronized.
265: The certificate that the user or client computer provided to NPS as proof of identity chains to an enterprise root certification authority that is not trusted by the NPS server.
266: The message received was unexpected or badly formatted.
267: The certificate provided by the connecting user or computer is not valid because it is not configured with the Client Authentication purpose in Application Policies or Enhanced Key Usage (EKU) extensions. NPS rejected the connection request for this reason.
268: The certificate provided by the connecting user or computer is expired. NPS rejected the connection request for this reason.
269: The Security Support Provider Interface (SSPI) called by EAP reports that the NPS server and the access client cannot communicate because they do not possess a common algorithm.
270: Based on the matching NPS network policy, the user is required to log on with a smart card, but they have attempted to log on by using other credentials. NPS rejected the connection request for this reason.
271: The connection request was not processed because the NPS server was in the process of shutting down or restarting when it received the request.
272: The certificate that the user or client computer provided to NPS as proof of identity maps to multiple user or computer accounts rather than one account. NPS rejected the connection request for this reason.
273: Authentication failed. NPS called Windows Trust Verification Services, and the trust provider is not recognized on this computer. A trust provider is a software module that implements the algorithm for application-specific policies regarding trust.
274: Authentication failed. NPS called Windows Trust Verification Services, and the trust provider does not support the specified action. Each trust provider provides its own unique set of action identifiers. For information about the action identifiers supported by a trust provider, see the documentation for that trust provider.
275: Authentication failed. NPS called Windows Trust Verification Services, and the trust provider does not support the specified form. A trust provider is a software module that implements the algorithm for application-specific policies regarding trust. Trust providers support subject forms that describe where the trust information is located and what trust actions to take regarding the subject.
276: Authentication failed. NPS called Windows Trust Verification Services, but the binary file that calls EAP cannot be verified and is not trusted.
277: Authentication failed. NPS called Windows Trust Verification Services, but the binary file that calls EAP is not signed, or the signer certificate cannot be found.
278: Authentication failed. The certificate that was provided by the connecting user or computer is expired.
279: Authentication failed. The certificate is not valid because the validity periods of certificates in the chain do not match. For example, the following End Certificate and Issuer Certificate validity periods do not match: End Certificate validity period: 2007-2010; Issuer Certificate validity period: 2006-2008.
280: Authentication failed. The certificate is not valid and was not issued by a valid certification authority (CA).
281: Authentication failed. The path length constraint in the certification chain has been exceeded. This constraint restricts the maximum number of CA certificates that can follow this certificate in the certificate chain.
282: Authentication failed. The certificate contains a critical extension that is unrecognized by NPS.
283: Authentication failed. The certificate does not contain the Client Authentication purpose in Application Policies extensions, and cannot be used for authentication.
284: Authentication failed. The certificate is not valid because the certificate issuer and the parent of the certificate in the certificate chain are required to match but do not match.
285: Authentication failed. NPS cannot locate the certificate, or the certificate is incorrectly formed and is missing important information.
286: Authentication failed. The certificate provided by the connecting user or computer is issued by a certification authority (CA) that is not trusted by the NPS server.
287: Authentication failed. The certificate provided by the connecting user or computer does not chain to an enterprise root CA that NPS trusts.
288: Authentication failed due to an unspecified trust failure.
289: Authentication failed. The certificate provided by the connecting user or computer is revoked and is not valid.
290: Authentication failed. A test or trial certificate is in use, however the test root CA is not trusted, according to local or domain policy settings.
291: Authentication failed because NPS cannot locate and access the certificate revocation list to verify whether the certificate has or has not been revoked. This issue can occur if the revocation server is not available or if the certificate revocation list cannot be located in the revocation server database.
292: Authentication failed. The value of the User-Name attribute in the connection request does not match the value of the common name (CN) property in the certificate.
293: Authentication failed. The certificate provided by the connecting user or computer is not valid because it is not configured with the Client Authentication purpose in Application Policies or Enhanced Key Usage (EKU) extensions. NPS rejected the connection request for this reason.
294: Authentication failed because the certificate was explicitly marked as untrusted by the Administrator. Certificates are designated as untrusted when they are imported into the Untrusted Certificates folder in the certificate store for the Current User or Local Computer in the Certificates Microsoft Management Console (MMC) snap-in.
295: Authentication failed. The certificate provided by the connecting user or computer is issued by a CA that is not trusted by the NPS server.
296: Authentication failed. The certificate provided by the connecting user or computer is not valid because it is not configured with the Client Authentication purpose in Application Policies or Enhanced Key Usage (EKU) extensions. NPS rejected the connection request for this reason.
297: Authentication failed. The certificate provided by the connecting user or computer is not valid because it does not have a valid name.
298: Authentication failed. Either the certificate does not contain a valid user principal name (UPN) or the value of the User-Name attribute in the connection request does not match the certificate.
299: Authentication failed. The sequence of information provided by internal components or protocols during message verification is incorrect.
300: Authentication failed. The certificate is malformed and Extensible Authentication Protocol (EAP) cannot locate credential information in the certificate.
301: NPS terminated the authentication process. NPS received a cryptobinding type length value (TLV) from the access client that is not valid. This issue occurs when an attempt to breach your network security has occurred and a man-in-the-middle (MITM) attack is in progress. During MITM attacks on your network, attackers use unauthorized computers to intercept traffic between your legitimate hosts while posing as one of the legitimate hosts. The attacker’s computer attempts to gain data from your other network resources. This enables the attacker to use the unauthorized computer to intercept, decrypt, and access all network traffic that would otherwise go to one of your legitimate network resources.
302: NPS terminated the authentication process. NPS did not receive a required cryptobinding type length value (TLV) from the access client during the authentication process.
Technical notes that I believe are worth taking, usually taken while working on issues and projects.
Tuesday, 18 May 2021
Windows NPS error codes