Active Directory related Error Messages
Table below describes the error codes when issues occur with your Active Directory connection.
|
Error Code |
Error Message |
Description |
Corrective Action |
|---|---|---|---|
|
AUT30833 |
Authentication failure for AD realm <realm-name> due to large time drift. Please make sure the system time on this device and Active Directory server <server-name> are in sync. |
This notification signifies that the Ivanti Policy Secure device time and the Active Directory server time are not in sync. |
Ensure that the Ivanti Policy Secure device and AD server date and time are always in sync. Use Network Time Protocol (NTP) server to set the date and time for both appliances. |
|
AUT30834 |
Authentication failure for AD server <server-name>: protocol disallowed by configuration |
The configured authentication protocol is not supported on AD server. |
The UPN format for user login is not supported for MS-CHAP v2. Check the configuration. |
|
SYS30901 |
Active Directory authentication server <server-name>: Invalid AD credentials while attempting to join the domain. If not joined, user and machine authentication will fail. |
The user credentials used to join the AD domain is invalid. Please use valid credentials to join the AD domain. |
Please use valid credentials to join the AD domain. |
|
SYS30912 |
Active Directory authentication server <server-name>: No logon servers are currently available. Device could not connect to any domain controller of the domain. |
The current Active Directory domain controller is not reachable; the user or machine authentication requests fail for a few seconds (less than 2 minutes) before attempting to authenticate users with another domain controller in the Active Directory domain. |
Ensure that the AD domain controller is reachable. For more details, see Microsoft AD Quick Reference Troubleshooting Guide |
|
AUT30899 |
Active Directory authentication server, <server-name>: Received access denied message from the server. |
The access to the AD server is denied. |
The access is denied due to invalid AD credentials, trust password mismatch and so on. For more information, see Microsoft Technet. |
|
AUT24414 |
Authentication succeeded |
The login succeeded for <UserName>/<Realm Name> from <IP address/MAC Address> of the <User Agent>. |
Not Applicable |
|
AGU30457 |
Starting dsagentd session |
The login session is created successfully. The session is being monitored for logout, role changes, time-outs and so on. |
Not Applicable |
|
AUT24326 |
Authentication succeeded |
The authentication is successful for <username>/<auth server display name> from <IP address of endpoint from where user logins/ calling station MAC address for L2> <Custom source IP address> |
Not Applicable |
|
AUT24327 |
Authentication failed |
The authentication failed for the <username>/<authentication server> from the following <IP Address/ MAC Address>. |
If the authentication server is AD then check the previous logs related to the authentication flow. Check the user login logs from admin console Maintenance > Troubleshooting page. Try restarting winbind services. |
|
AUT24803 |
Host Checker passed |
The Host Checker policy passed on host address for the user. |
NA |
|
AUT22925 |
Host Checker failed |
This message signifies the Host Checker failure. It displays the policy name and reasons for policy failure. |
•Possible reasons could be incorrect ESAP package. See KB. •Incorrect rule configuration. |