|
Kerberos RFC description
|
Notes on common failure codes
|
Dec
|
Hex
|
1
|
0x1
|
Client's entry in database has expired
|
|
2
|
0x2
|
Server's entry in database has expired
|
|
3
|
0x3
|
Requested protocol version # not supported
|
|
4
|
0x4
|
Client's key encrypted in old master key
|
|
5
|
0x5
|
Server's key encrypted in old master key
|
|
6
|
0x6
|
Client not found in Kerberos database
|
Bad user name, or new computer/user account has not replicated to DC yet
|
7
|
0x7
|
Server not found in Kerberos database
|
New computer account has not replicated yet or computer is pre-w2k
|
8
|
0x8
|
Multiple principal entries in database
|
|
9
|
0x9
|
The client or server has a null key
|
administrator should reset the password on the account
|
10
|
0xA
|
Ticket not eligible for postdating
|
|
11
|
0xB
|
Requested start time is later than end time
|
|
12
|
0xC
|
KDC policy rejects request
|
Workstation/logon time restriction
|
13
|
0xD
|
KDC cannot accommodate requested option
|
|
14
|
0xE
|
KDC has no support for encryption type
|
|
15
|
0xF
|
KDC has no support for checksum type
|
|
16
|
0x10
|
KDC has no support for padata type
|
|
17
|
0x11
|
KDC has no support for transited type
|
|
18
|
0x12
|
Clients credentials have been revoked
|
Account disabled, expired, or locked out.
|
19
|
0x13
|
Credentials for server have been revoked
|
|
20
|
0x14
|
TGT has been revoked
|
|
21
|
0x15
|
Client not yet valid - try again later
|
|
22
|
0x16
|
Server not yet valid - try again later
|
|
23
|
0x17
|
Password has expired
|
The user’s password has expired.
|
24
|
0x18
|
Pre-authentication information was invalid
|
Usually means bad password
|
25
|
0x19
|
Additional pre-authentication required*
|
|
31
|
0x1F
|
Integrity check on decrypted field failed
|
|
32
|
0x20
|
Ticket expired
|
Frequently logged by computer accounts
|
33
|
0x21
|
Ticket not yet valid
|
|
33
|
0x21
|
Ticket not yet valid
|
|
34
|
0x22
|
Request is a replay
|
|
35
|
0x23
|
The ticket isn't for us
|
|
36
|
0x24
|
Ticket and authenticator don't match
|
|
37
|
0x25
|
Clock skew too great
|
Workstation’s clock too far out of sync with the DC’s
|
38
|
0x26
|
Incorrect net address
|
IP address change?
|
39
|
0x27
|
Protocol version mismatch
|
|
40
|
0x28
|
Invalid msg type
|
|
41
|
0x29
|
Message stream modified
|
|
42
|
0x2A
|
Message out of order
|
|
44
|
0x2C
|
Specified version of key is not available
|
|
45
|
0x2D
|
Service key not available
|
|
46
|
0x2E
|
Mutual authentication failed
|
may be a memory allocation failure
|
47
|
0x2F
|
Incorrect message direction
|
|
48
|
0x30
|
Alternative authentication method required*
|
|
49
|
0x31
|
Incorrect sequence number in message
|
|
50
|
0x32
|
Inappropriate type of checksum in message
|
|
60
|
0x3C
|
Generic error (description in e-text)
|
|
61
|
0x3D
|
Field is too long for this implementation
|
|