Error Codes

Table 1 describes the ClearPass Policy Manager error codes:

Table 1: Policy Manager Policy Manager Error Codes

Code

Description

Type

0

Success

Success

101

Failed to perform service classification

Internal Error

102

Failed to perform policy evaluation

Internal Error

103

Failed to perform posture notification

Internal Error

104

Failed to query authstatus

Internal Error

105

Internal error in performing authentication

Internal Error

106

Internal error in RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server

Internal Error

201

User not found

Authentication failure

202

Password mismatch

Authentication failure

203

Failed to contact Authentication Source

Authentication failure

204

Failed to classify request to service

Authentication failure

205

Authentication Source not configured for service

Authentication failure

206

Access denied by policy

Authentication failure

207

Failed to get client MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. Address in order to perform Web authentication

Authentication failure

208

No response from home server

Authentication failure

209

No password in request

Authentication failure

210

Unknown CACertificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate. in client certificate

Authentication failure

211

Client certificate not valid

Authentication failure

212

Client certificate has expired

Authentication failure

213

Certificate comparison failed

Authentication failure

214

No certificate in authentication source

Authentication failure

215

TLSTransport Layer Security. TLS is a cryptographic protocol that provides communication security over the Internet. TLS encrypts the segments of network connections above the Transport Layer by using asymmetric cryptography for key exchange, symmetric encryption for privacy, and message authentication codes for message integrity. session error

Authentication failure

216

User authentication failed

Authentication failure

217

Search failed due to insufficient permissions

Authentication failure

218

Authentication source timed out

Authentication failure

219

Bad search filter

Authentication failure

220

Search failed

Authentication failure

221

Authentication source error

Authentication failure

222

Password change error

Authentication failure

223

Username not available in request

Authentication failure

224

CallingStationID not available in request

Authentication failure

225

User account disabled

Authentication failure

226

User account expired or not active yet

Authentication failure

227

User account needs approval

Authentication failure

228

User account has exceeded bandwidth limit

Authentication failure

229

User account has exceeded session duration limit

Authentication failure

230

User account has exceeded session count limit

Authentication failure

5001

Internal Error

Command and Control

5002

Invalid MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network.  Address

Command and Control

5003

Invalid request received

Command and Control

5004

Insufficient parameters received

Command and Control

5005

Query - No MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network.  address record found

Command and Control

5006

Query - No supported actions

Command and Control

5007

Query - Cannot fetch MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network.  address details

Command and Control

5008

Request: MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network.  address not online

Command and Control

5009

Request: No MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address record found

Command and Control

6001

Unsupported TACACSTerminal Access Controller Access Control System. TACACS is a family of protocols that handles remote authentication and related services for network access control through a centralized server. parameter in request

TACACSTerminal Access Controller Access Control System. TACACS is a family of protocols that handles remote authentication and related services for network access control through a centralized server. Protocol

6002

Invalid sequence number

TACACSTerminal Access Controller Access Control System. TACACS is a family of protocols that handles remote authentication and related services for network access control through a centralized server. Protocol

6003

Sequence number overflow

TACACSTerminal Access Controller Access Control System. TACACS is a family of protocols that handles remote authentication and related services for network access control through a centralized server. Protocol

6101

Not enough inputs to perform authentication

TACACSTerminal Access Controller Access Control System. TACACS is a family of protocols that handles remote authentication and related services for network access control through a centralized server. Authentication

6102

Authentication privilege level mismatch

TACACSTerminal Access Controller Access Control System. TACACS is a family of protocols that handles remote authentication and related services for network access control through a centralized server. Authentication

6103

No enforcement profiles matched to perform authentication

TACACSTerminal Access Controller Access Control System. TACACS is a family of protocols that handles remote authentication and related services for network access control through a centralized server. Authentication

6201

Authorization failed as session is not authenticated

TACACSTerminal Access Controller Access Control System. TACACS is a family of protocols that handles remote authentication and related services for network access control through a centralized server. Authorization

6202

Authorization privilege level mismatch

TACACSTerminal Access Controller Access Control System. TACACS is a family of protocols that handles remote authentication and related services for network access control through a centralized server. Authorization

6203

Command not allowed

TACACSTerminal Access Controller Access Control System. TACACS is a family of protocols that handles remote authentication and related services for network access control through a centralized server. Authorization

6204

No enforcement profiles matched to perform command authorization

TACACSTerminal Access Controller Access Control System. TACACS is a family of protocols that handles remote authentication and related services for network access control through a centralized server. Authorization

6301

New password entered does not match

TACACSTerminal Access Controller Access Control System. TACACS is a family of protocols that handles remote authentication and related services for network access control through a centralized server. Change Password

6302

Empty password

TACACSTerminal Access Controller Access Control System. TACACS is a family of protocols that handles remote authentication and related services for network access control through a centralized server. Change Password

6303

Change password allowed only for local users

TACACSTerminal Access Controller Access Control System. TACACS is a family of protocols that handles remote authentication and related services for network access control through a centralized server. Change Password

6304

Internal error in performing change password

TACACSTerminal Access Controller Access Control System. TACACS is a family of protocols that handles remote authentication and related services for network access control through a centralized server. Change Password

9001

Wrong shared secret

RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  Protocol

9002

Request timed out

RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  Protocol

9003

Phase 2 PACProtected Access Credential. PAC is distributed to clients for optimized network authentication. These credentials are used for establishing an authentication tunnel between the client and the authentication server. failure

RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  Protocol

9004

Client rejected after PACProtected Access Credential. PAC is distributed to clients for optimized network authentication. These credentials are used for establishing an authentication tunnel between the client and the authentication server. provisioning

RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  Protocol

9005

Client does not support posture request

RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  Protocol

9006

Received error TLVType-length-value or Tag-Length-Value. TLV is an encoding format. It refers to the type of data being processed, the length of the value, and the value for the type of data being processed. from client

RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  Protocol

9007

Received failure TLVType-length-value or Tag-Length-Value. TLV is an encoding format. It refers to the type of data being processed, the length of the value, and the value for the type of data being processed. from client

RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  Protocol

9008

Phase 2 PACProtected Access Credential. PAC is distributed to clients for optimized network authentication. These credentials are used for establishing an authentication tunnel between the client and the authentication server.  not found

RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  Protocol

9009

Unknown Phase 2 PACProtected Access Credential. PAC is distributed to clients for optimized network authentication. These credentials are used for establishing an authentication tunnel between the client and the authentication server.

RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  Protocol

9010

Invalid Phase 2 PACProtected Access Credential. PAC is distributed to clients for optimized network authentication. These credentials are used for establishing an authentication tunnel between the client and the authentication server.

RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  Protocol

9011

PACProtected Access Credential. PAC is distributed to clients for optimized network authentication. These credentials are used for establishing an authentication tunnel between the client and the authentication server. verification failed

RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  Protocol

9012

PACProtected Access Credential. PAC is distributed to clients for optimized network authentication. These credentials are used for establishing an authentication tunnel between the client and the authentication server. binding failed

RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  Protocol

9013

Session resumption failed

RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  Protocol

9014

Cached session data error

RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  Protocol

9015

Client does not support configured EAPExtensible Authentication Protocol. An authentication protocol for wireless networks that extends the methods used by the PPP, a protocol often used when connecting a computer to the Internet. EAP can support multiple authentication mechanisms, such as token cards, smart cards, certificates, one-time passwords, and public key encryption authentication.  methods

RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  Protocol

9016

Client did not send CryptobindingShort for cryptographic binding. A procedure in a tunneled EAP method that binds together the tunnel protocol and the tunneled authentication methods, ensuring the relationship between a collection of data assets. Cryptographic binding focuses on protecting the server; mutual cryptographic binding protects both peer and server. TLVType-length-value or Tag-Length-Value. TLV is an encoding format. It refers to the type of data being processed, the length of the value, and the value for the type of data being processed.

RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  Protocol

9017

Failed to contact OCSPOnline Certificate Status Protocol. OCSP is used for determining the current status of a digital certificate without requiring a CRL.  Server

RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  Protocol

9018

RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  protocol error

RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  Protocol

9019

Client sent conflicting identities

RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  Protocol