Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The following are the run-time error codes, defined in Wspfwerr.h, that may be returned by the Microsoft Firewall service and may appear as result codes in Forefront TMG logs. Note that error codes with a message identifier equal to or greater than 0xC0040039 are introduced in Forefront TMG.
| Symbolic name | Hexidecimal ID | Message text |
|---|---|---|
| FWX_E_TERMINATING | 0xC0040001 | The object is shutting down. |
| FWX_E_INVALID_ARG | 0xC0040002 | The argument is invalid. |
| FWX_E_ALREADY_IN_BLOCKING_OP | 0xC0040003 | The blocking operation is already started. |
| FWX_E_NOT_IN_BLOCKING_OP | 0xC0040004 | There is no blocking operation to be ended. |
| FWX_E_FILTER_NOT_REGISTERED | 0xC0040005 | The filter is not registered. |
| FWX_E_ALREADY_EXISTS | 0x800700B7 | The object cannot be created because an object with the same name already exists. |
| FWX_E_BUFFERFULL | 0xC0040007 | Not all the data was appended to the buffer object because the buffer was full. |
| FWX_E_ALREADY_EMULATED | 0xC0040009 | The connection is already emulated by another filter. |
| FWX_E_BAD_CONTEXT | 0xC004000A | The method was not called while handling any of the supported events. |
| FWX_E_NOT_SUPPORTED | 0xC004000B | Modifying this property is not allowed for this session. |
| FWX_E_NOT_AUTHENTICATED | 0xC004000C | The action cannot be performed because the session is not authenticated. |
| FWX_E_POLICY_RULES_DENIED | 0xC004000D | The policy rules do not allow the user request. |
| FWX_E_MIME_NEEDED | 0xC004000E | The MIME type is required. |
| FWX_E_MUST_USE_DS | 0xC004000F | (Reserved for future use.) |
| FWX_E_NOT_EMULATED | 0xC0040010 | The connection is not emulated. |
| FWX_E_IS_BUSY | 0xC0040011 | A connection was dropped because there are too many pending connection requests. |
| FWX_E_NETWORK_RULES_DENIED | 0xC0040012 | The network rules do not allow the connection requested. |
| FWX_E_FRAGMENT_PACKET_DROPPED | 0xC0040013 | A packet was dropped because it contained an IP fragment that Forefront TMG is configured to block. |
| FWX_E_FWE_SPOOFING_PACKET_DROPPED | 0xC0040014 | A packet was dropped because Forefront TMG determined that the source IP address is spoofed. |
| FWX_E_TCPIPDROP_PACKET_DROPPED | 0xC0040015 | A packet was dropped by the TCP/IP stack. |
| FWX_E_NO_BACKLOG_PACKET_DROPPED | 0xC0040016 | A packet was dropped because the rate of requests for incoming connections was too high. |
| FWX_E_TCP_NOT_SYN_PACKET_DROPPED | 0xC0040017 | A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the Forefront TMG computer. |
| FWX_E_BAD_LENGTH_PACKET_DROPPED | 0xC0040018 | A packet was dropped because its IP length field does not fall within the allowed range or is inconsistent with the actual length. |
| FWX_E_PING_OF_DEATH_PACKET_DROPPED | 0xC0040019 | A packet was dropped because Forefront TMG detected a ping-of-death attack. |
| FWX_E_OUT_OF_BAND_PACKET_DROPPED | 0xC004001A | A packet was dropped because Forefront TMG detected a Windows out-of-band (WinNuke) attack. |
| FWX_E_IP_HALF_SCAN_PACKET_DROPPED | 0xC004001B | A packet was dropped because Forefront TMG detected an IP half-scan attack. |
| FWX_E_LAND_ATTACK_DROPPED | 0xC004001C | A packet was dropped because Forefront TMG detected a land attack. |
| FWX_E_UDP_BOMB_DROPPED | 0xC004001D | A packet was dropped because Forefront TMG detected a UDP bomb attack. |
| FWX_E_FULLDENY_DROPPED | 0xC004001E | A packet was dropped because Forefront TMG is operating in lockdown mode. (Note that no logging is performed by Forefront TMG in lockdown mode.) |
| FWX_E_IPOPTIONS_DROPPED | 0xC004001F | A packet was dropped because its header includes one or more IP options that Forefront TMG is configured to block. |
| FWX_E_UNCOMPLETED_CONNECTION_REQUEST | 0xC0040020 | An attempt to log on to the VPN server was rejected during the authentication phase because the authentication data was not received in a timely manner. The client session was disconnected. |
| FWX_E_CONNECTION_REQUEST_REJECTED | 0xC0040021 | An attempt to log on to the VPN server was rejected during the authentication phase. The client session was disconnected. |
| FWX_E_VALIDATE_QUARANTINE_FAILED | 0xC0040022 | The VPN quarantine settings could not be validated. The client session was disconnected. |
| FWX_E_VPN_CONNECTIONS_LIMIT_EXCEEDED | 0xC0040023 | The VPN client connection limit was exceeded. The client session was disconnected. |
| FWX_E_OUT_OF_RESOURCES | 0xC0040024 | A packet was dropped because there are insufficient resources. |
| FWX_E_BROADCAST_PACKET_DROPPED | 0xC0040025 | A broadcast packet was dropped by the Forefront TMG policy. |
| FWX_E_UNKNOWN_ADAPTER_DROPPED | 0xC0040026 | (Reserved for future use.) |
| FWX_E_ICMP_ERROR_PACKET_DROPPED | 0xC0040027 | (Reserved for future use.) |
| FWX_E_INVALID_PROTCOL_PACKET_DROPPED | 0xC0040028 | A packet was dropped because its header specifies an invalid IP protocol (255) or address (0.0.0.0). |
| FWX_E_PORT_ZERO_PACKET_DROPPED | 0xC0040029 | A packet was dropped because its transport header specifies an invalid port (0). |
| FWX_E_SYN_ATTACK_START | 0xC004002A | Forefront TMG detected a SYN attack. |
| FWX_E_SYN_ATTACK_END | 0xC004002B | Forefront TMG is no longer experiencing a SYN attack. |
| FWX_E_INVALID_DHCP_OFFER | 0xC004002C | An invalid DHCP offer was blocked. |
| FWX_E_UNREACHABLE_ADDRESS | 0xC004002D | A packet was dropped because its destination IP address is unreachable. |
| FWX_E_ADDRESS_NOT_ALLOWED | 0xC004002E | An attempt to establish a connection by an application filter was rejected because the source address is not in a range that is allowed for the destination address. |
| FWX_E_IPSEC_NO_ROUTE_DROPPED | 0xC004002F | A packet arriving through an IPsec tunnel was rejected because its source address is not expected for the tunnel. |
| FWX_E_OUTBOUND_PATH_THROUGH_DROPPED | 0xC0040030 | A packet generated on the local host was rejected because its source IP address is assigned to one network adapter and its destination IP address is reachable through another network adapter. |
| FWX_E_BAD_TCP_CHECKSUM_DROPPED | 0xC0040031 | A packet was dropped because verification of its TCP checksum failed. |
| FWX_E_VPN_USER_MAPPING_FAILED | 0xC0040032 | An attempt to map a VPN client to a Windows user failed. The client session was disconnected. |
| FWX_E_RULE_QUOTA_EXCEEDED_DROPPED | 0xC0040033 | A connection was rejected because the connection limit specifying the maximum number of connections that can be created for a rule during one second was exceeded. |
| FWX_E_SEQ_ACK_MISMATCH | 0xC0040034 | A TCP packet was rejected because it has an invalid sequence number or an invalid acknowledgement number. |
| FWX_E_THREAD_QUOTA_EXCEEDED | 0xC0040035 | A blocking operation could not be performed because the thread limit for this operation was reached. |
| FWX_E_DNS_QUOTA_EXCEEDED | 0xC0040036 | A DNS query could not be performed because the query limit was reached. |
| FWX_E_TCP_RATE_QUOTA_EXCEEDED_DROPPED | 0xC0040037 | A connection was rejected because the connection limit specifying the maximum number of concurrent connections for a single client host was exceeded. |
| FWX_E_TCP_NO_SERVER_REPLY | 0xC0040038 | A connection was closed because no SYN/ACK reply was received from the server. |
| FWX_E_POLICY_CONNECTION_CLOSED | 0xC0040039 | An existing connection was closed because it is no longer allowed by the policy. |
| FWX_E_NAT_ADDRESS_NOT_AVAILABLE | 0xC004003A | A network rule specifies a NAT relationship, but no local IP address is available for NAT on the server. |
| FWX_E_IPS_BLOCKED | 0xC004003B | The connection was blocked by the Network Inspection System (NIS). |
| FWX_E_IPS_DETECTED | 0xC004003C | The Network Inspection System (NIS) detected traffic that matches a vulnerability signature. |
| FWX_E_CONNECTION_QUARANTINED | 0xC004003D | The connection was closed because the client was quarantined. |
| FWX_E_FW_IPSEC_DROPPED | 0xC004003E | A packet was dropped due to periodic inconsistency between the IPsec policy and the Forefront TMG's snapshot of the IPSsec policy. |
| FWX_E_TRANSITION_DROPPED | 0xC004003F | A packet was dropped while adjusting the Forefront TMG behavior to a new IPsec policy. |
| FWX_E_BOTH_ADRESSES_BELONG_TO_SAME_NETWORK | 0xC0040040 | Both input addresses belong to the same network. |
| FWX_E_UNSUPPORTED_IPV6_DROPPED | 0xC0040041 | A packet was dropped because the IPv6 protocol is not supported. |
| FWX_E_INVALID_ROUTER_ADV | 0xC0040042 | An invalid IPv6 router advertisement was detected. |
| FWX_E_IPV6_ROUTING_HEADER | 0xC0040043 | An IPv6 routing header was found. |
| FWE_E_FAIL_TRANSACT_TO_TRANSITION_TO_IPSEC | 0xC0040044 | The firewall engine failed to apply the IPsec configuration. |
| FWE_E_FAIL_TRANSACT_TO_IPSEC | 0xC0040045 | The firewall engine entered an invalid state. |
The following are additional run-time codes that may be returned by the Firewall service and may appear as result codes in Forefront TMG logs.
| Symbolic name | Hexidecimal ID | Description |
|---|---|---|
| WSA_RWS_GRACEFUL_SHUTDOWN or FWX_E_GRACEFUL_SHUTDOWN | 0x80074E20 | A connection was gracefully closed in an orderly shutdown process with a three-way FIN-initiated handshake. |
| WSA_RWS_ABORTIVE_SHUTDOWN or FWX_E_ABORTIVE_SHUTDOWN | 0x80074E21 | A connection was abortively closed after one of the peers sent an RST packet. |
| WSA_RWS_QUOTA or FWX_E_RULE_QUOTA_EXCEEDED_DROPPED | 0x80074E23 | A connection was rejected because the connection limit specifying the maximum number of connections that can be created for a rule during one second was exceeded. |
| WSA_RWS_CONNECTION_KILLED or FWX_E_CONNECTION_KILLED | 0x80074E24 | Forefront TMG closed an established connection before either peer requested to close it. This typically occurs when an application filter detects a protocol violation, such as a malformed HTTP request. |
| WSA_RWS_TIMEOUT or FWX_E_TIMEOUT | 0x80074E25 | A connection was terminated because it was idle for more than the time-out period, or the time-out on an incompleted action expired. |
| WSA_RWS_ADMIN_TERMINATE or FWX_E_ADMIN_TERMINATE | 0x80074E26 | A connetion was terminated from Forefront TMG Management, during shutdown, or when a VPN client was disconnected. |
Build date: 7/12/2010