Error Codes
Table 1 describes the ClearPass Policy Manager error codes:
Code |
Description |
Type |
0 |
Success |
Success |
101 |
Failed to perform service classification |
Internal Error |
102 |
Failed to perform policy evaluation |
Internal Error |
103 |
Failed to perform posture notification |
Internal Error |
104 |
Failed to query authstatus |
Internal Error |
105 |
Internal error in performing authentication |
Internal Error |
106 |
Internal Error |
|
201 |
User not found |
Authentication failure |
202 |
Password mismatch |
Authentication failure |
203 |
Failed to contact Authentication Source |
Authentication failure |
204 |
Failed to classify request to service |
Authentication failure |
205 |
Authentication Source not configured for service |
Authentication failure |
206 |
Access denied by policy |
Authentication failure |
207 |
Failed to get client MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. Address in order to perform Web authentication |
Authentication failure |
208 |
No response from home server |
Authentication failure |
209 |
No password in request |
Authentication failure |
210 |
Authentication failure |
|
211 |
Client certificate not valid |
Authentication failure |
212 |
Client certificate has expired |
Authentication failure |
213 |
Certificate comparison failed |
Authentication failure |
214 |
No certificate in authentication source |
Authentication failure |
215 |
Authentication failure |
|
216 |
User authentication failed |
Authentication failure |
217 |
Search failed due to insufficient permissions |
Authentication failure |
218 |
Authentication source timed out |
Authentication failure |
219 |
Bad search filter |
Authentication failure |
220 |
Search failed |
Authentication failure |
221 |
Authentication source error |
Authentication failure |
222 |
Password change error |
Authentication failure |
223 |
Username not available in request |
Authentication failure |
224 |
CallingStationID not available in request |
Authentication failure |
225 |
User account disabled |
Authentication failure |
226 |
User account expired or not active yet |
Authentication failure |
227 |
User account needs approval |
Authentication failure |
228 |
User account has exceeded bandwidth limit |
Authentication failure |
229 |
User account has exceeded session duration limit |
Authentication failure |
230 |
User account has exceeded session count limit |
Authentication failure |
5001 |
Internal Error |
Command and Control |
5002 |
Invalid MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. Address |
Command and Control |
5003 |
Invalid request received |
Command and Control |
5004 |
Insufficient parameters received |
Command and Control |
5005 |
Query - No MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address record found |
Command and Control |
5006 |
Query - No supported actions |
Command and Control |
5007 |
Query - Cannot fetch MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address details |
Command and Control |
5008 |
Request: MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address not online |
Command and Control |
5009 |
Request: No MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address record found |
Command and Control |
6001 |
Unsupported TACACSTerminal Access Controller Access Control System. TACACS is a family of protocols that handles remote authentication and related services for network access control through a centralized server. parameter in request |
|
6002 |
Invalid sequence number |
|
6003 |
Sequence number overflow |
|
6101 |
Not enough inputs to perform authentication |
|
6102 |
Authentication privilege level mismatch |
|
6103 |
No enforcement profiles matched to perform authentication |
|
6201 |
Authorization failed as session is not authenticated |
|
6202 |
Authorization privilege level mismatch |
|
6203 |
Command not allowed |
|
6204 |
No enforcement profiles matched to perform command authorization |
|
6301 |
New password entered does not match |
|
6302 |
Empty password |
|
6303 |
Change password allowed only for local users |
|
6304 |
Internal error in performing change password |
|
9001 |
Wrong shared secret |
|
9002 |
Request timed out |
|
9003 |
||
9004 |
Client rejected after PACProtected Access Credential. PAC is distributed to clients for optimized network authentication. These credentials are used for establishing an authentication tunnel between the client and the authentication server. provisioning |
|
9005 |
Client does not support posture request |
|
9006 |
Received error TLVType-length-value or Tag-Length-Value. TLV is an encoding format. It refers to the type of data being processed, the length of the value, and the value for the type of data being processed. from client |
|
9007 |
Received failure TLVType-length-value or Tag-Length-Value. TLV is an encoding format. It refers to the type of data being processed, the length of the value, and the value for the type of data being processed. from client |
|
9008 |
||
9009 |
||
9010 |
||
9011 |
||
9012 |
||
9013 |
Session resumption failed |
|
9014 |
Cached session data error |
|
9015 |
Client does not support configured EAPExtensible Authentication Protocol. An authentication protocol for wireless networks that extends the methods used by the PPP, a protocol often used when connecting a computer to the Internet. EAP can support multiple authentication mechanisms, such as token cards, smart cards, certificates, one-time passwords, and public key encryption authentication. methods |
|
9016 |
Client did not send CryptobindingShort for cryptographic binding. A procedure in a tunneled EAP method that binds together the tunnel protocol and the tunneled authentication methods, ensuring the relationship between a collection of data assets. Cryptographic binding focuses on protecting the server; mutual cryptographic binding protects both peer and server. TLVType-length-value or Tag-Length-Value. TLV is an encoding format. It refers to the type of data being processed, the length of the value, and the value for the type of data being processed. |
|
9017 |
Failed to contact OCSPOnline Certificate Status Protocol. OCSP is used for determining the current status of a digital certificate without requiring a CRL. Server |
|
9018 |
||
9019 |
Client sent conflicting identities |
Was this information helpful?
Great! Thanks for the feedback
Sorry about that! How can we improve it? Send your comments and suggestions!