Find a complete list of Active Directory LDAP error/data codes

active-directoryldap

I'm looking for an official list of LDAP error codes

Specifically given LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 531, v1db1

I'm looking for the data-code, in this case 531 = not permitted to logon at this workstation as found by the JIRA LDAP Error Code Documentation.

Best Answer

Microsoft makes a program named err.exe that you can download and use to look up error codes. More officially named the Microsoft Error Lookup Tool:

Use the Error Code Lookup tool to determine error values from decimal and hexadecimal error codes in Microsoft Windows® operating systems. The tool can look up one or more values at a time. All values on the command line will be looked up and presented to you. If available, informational data associated with the value or values will also be shown.

It provides error codes for Windows, SQL, Exchange, etc., etc.

There are also online implementations of it (such as http://errlookup.azurewebsites.net) in case you don't want to download the utility, or you want to do a lookup on a non-Windows device.

For example, looking up error code "49" returns a list that includes one for the winldap.h:

LDAP_INVALID_CREDENTIALS winldap.h

So in the winldap context, error 49 is an 'invalid credentials' error.

Looking up error 0x80090308 reports:

  SEC_E_INVALID_TOKEN                                          winerror.h    
# The token supplied to the function is invalid

Which, judging by the SEC_E, again points to an invalid security credential being passed.

Looking up error 531:

# for hex 0x531 / decimal 1329 :

  ERROR_INVALID_WORKSTATION                                    winerror.h    
# Logon failure: user not allowed to log on to this computer.

Which lines up with the error you looked up.

Related Question