Error
code
|
Fatal
disconnect
|
Credentials
cleared
|
Failover
|
Description
|
1
|
|
|
|
Graceful
|
2
|
 |
 |
|
Terminated by Mobility server.
The first time a Mobility client connects to a NetMotion Mobility server, the server registers the mobile device and assigns it a unique PID that is then stored in the client system registry. Duplicate PIDs cause sessions to disconnect; see technical note 1487 for full details.
|
3
|
|
|
|
Denied
The connection completed with an error.
|
4
|
|
|
|
Discarded
|
5
|
|
|
|
Invalid Packet Error
The frame received was either fragmented or from an older session.
|
6
|
|
|
|
Circuit Timeout
The Internet Mobility Protocol (IMP) has timed out. The IMP compensates for differences between wireline and less reliable networks, and adjusted frame sizes and protocol timing reduce network traffic. It also provides a firewall function by giving only authenticated devices access to the enterprise network.
|
7
|
|
|
|
The client session was terminated due to lack of resources on the Mobility server. Please see the server event log for more information.
The event log is available from the Mobility console: click Events on the Server Status page.
|
8
|
|
|
|
Link inactivity timeout
Link inactivity is the length of time the Mobility server maintains a connection to an inactive Mobility client. Timeouts are set on the Client Settings page of the Mobility console.
|
9
|
|
|
|
Life Timeout
There has not been enough time to terminate the connection.
|
10
|
|
|
|
Server network interface changed.
This is a "soft" disconnect (clients will attempt to reconnect without user intervention.)
|
11
|
|
|
|
Connection was terminated by the administrator.
A disconnect with abort was issued for all connected devices.
|
12
|
|
|
|
Pidgen Accept
When the Mobility client does not yet have a valid PID it generates a "pidgen" request and sends it to the Mobility server. If the PID is unique it is offered to the client, which returns a pidgen ACCEPT or REJECT.
|
13
|
|
|
|
Pidgen Reject
See "Pidgen Accept" above.
|
14
|
|
|
|
Pidgen Offer Timeout
The Mobility client's request for a PID from the server timed out; the session is closed.
|
15
|
|
|
|
Internal security error. Check event log.
Terminate the session.
|
16
|
|
|
|
DHCP Lease Expiration
The DHCP lease has expired for this session.
|
17
|
|
|
|
Connect Data Invalid
Not enough buffer space is available for the requested operation; contact Technical Support (login required).
|
18
|
|
|
|
User is not configured for Mobility registration privileges. Contact your Mobility administrator.
PID privileges are not yet set.
|
19
|
|
|
|
Invalid parameter
|
20
|
|
|
|
Already assigned.
The PID is already in use.
|
21
|
|
|
|
Machine name already exists.
The machine alias is already in use. For example, you logged in to one device as <domain name>\User1, the device was unexpectedly shut off, and you tried to log on to another machine with the same name.
|
22
|
|
|
|
Class Does Not Exist
The Mobility device class to which you were assigned has been deleted. Device classes are specified in the Mobility console, on the Client Settings page.
|
23
|
|
|
|
Mobility server does not allow guest devices to connect.
(Mobility version 5.01 and earlier.) In version 6.00 and later, devices connecting to a Mobility server for the first time and devices that originally registered on a different Mobility server are assigned to the "New" device class by default.
|
24
|
|
|
|
User is not in the 'NetMotion Users' group. Contact your Mobility administrator.
(NTLM authentication only.) In order to be authenticated, a user must either belong to the NetMotion Users group or another domain group that the system administrator has set up.
|
25
|
|
|
|
System is out of memory.
|
26
|
|
|
|
More data.
|
27
|
|
|
|
No available virtual addresses.
The Mobility server can be set up to assign virtual addresses to mobile devices from a pool of valid IP addresses set aside for this purpose. These must be IP addresses that are valid on your network, do not duplicate the IP address of another machine, and are on the same subnet as the Mobility server. This message indicates that all of the IP addresses in the pool are in use.
|
28
|
|
|
|
No such group.
The Mobility group to which you were assigned has been deleted.
|
29
|
|
|
|
Already exists.
Device already exists.
|
30
|
|
|
|
User name could not be authenticated.
Authentication is the process of verifying that a user is who he says he is, based on his password. Mobility offers a choice of NTLM version 2, RADIUS, or RSA authentication.
|
31
|
|
|
|
Machine name could not be authenticated.
|
32
|
|
|
|
Invalid virtual address, not valid on any Mobility server subnet.
|
33
|
|
|
|
The Mobility server failed to get a virtual address due to a DHCP timeout, the DHCP server is not responding.
|
34
|
|
|
|
No Mobility server address could be obtained from DHCP.
|
35
|
|
|
|
User has logged off.
|
36
|
|
|
|
Device did not respond to roaming security-check.
The Mobility client has failed to respond to a security challenge from the server after the client roamed from one network or subnet to another. This error message appears only if encryption is disabled.
|
37
|
|
|
|
Unknown error.
|
38
|
|
|
|
Application inactivity timeout.
A period of inactivity has terminated the connection. Application inactivity is the length of time the Mobility server maintains a connection to a Mobility client that is in range but during which no application traffic is sent to or received from the mobile device. Timeouts are set on the Client Settings page of the Mobility console.
|
39
|
|
|
|
Timeout waiting to connect.
|
40
|
|
|
|
Never been connected.
No PID.
|
41
|
|
|
|
The virtual address is in use by another host; contact the system administrator.
The Mobility server can be set up to assign virtual addresses to mobile devices from a pool of valid IP addresses. This message may appear when different Mobility servers have virtual IP address pools that overlap.
|
42
|
|
|
|
The Mobility server has been shut down by the administrator.
|
43
|
|
|
|
The Mobility server has been unloaded by the administrator.
|
44
|
|
|
|
The version of the Mobility server is not compatible with the client.
If you have a mixture of client versions connecting to your server(s), for example, users of older (pre-6.60) clients will see this error and be denied connections unless the server setting Security—FIPS Required is cleared. Also see technical note 2189.
|
45
|
|
|
|
A security message has been altered.
A security message is part of the authentication of users, re-authentication after roaming, and a cryptographic exchange for an encrypted session. This error message will appear if it has been corrupted or altered in any way.
|
46
|
|
|
|
The DHCP request for a new lease was denied.
|
47
|
|
|
|
The evaluation period for this installation has expired.
|
48
|
|
|
|
This demo installation is about to expire.
|
49
|
|
|
|
The configured Data Protection Class is not supported.
There is a mismatch between the security settings on the Mobility server and client (e.g., the client is set to Triple-DES and the server is using AES).
|
50
|
|
|
|
Client-side manual disconnect.
|
51
|
|
|
|
Logon cancelled.
|
52
|
|
|
|
The Mobility server refused a non-secure connection. You must have a secure Mobility client to connect to this server.
|
53
|
|
|
|
The configured Data Compression Class is not supported.
|
54
|
|
|
|
Security check failed: data has been modified in transit.
|
55
|
|
|
|
Client Inactivity
|
56
|
|
|
|
Password Expired
|
57
|
|
|
|
You have exceeded the license limit for user sessions through the Mobility server. Please notify the system administrator.
See tech note 2153 for instructions on how to clean up unused devices on the Mobility server.
|
58
|
|
|
|
Failover to Alternate Server
If a Mobility server fails, Mobility clients will automatically try to connect to an alternate server in the server pool. Although server failover does not provide session persistence, it allows the client to easily reestablish network connectivity.
|
59
|
|
|
|
Invalid duplicate virtual address. Check the server's configuration as another client session already has this virtual IP address.
See tech note 2181 for full details.
|
60
|
|
|
|
Invalid date and time compared with the server's time. Check the date, time, and daylight savings settings and try again.
See technical note 2163 for full details.
|
61
|
|
|
|
Authentication Scheme is invalid. Contact your system administrator.
Mobility XE can use the NTLM version 2 or RADIUS authentication protocol to validate the credentials of Mobility users. The Authentication—Protocol is a global server setting configured on the Server Settings page of the Mobility console. A Mobility server cannot use both protocols concurrently, and all Mobility servers in a pool must use the same protocol to authenticate all users.
|
62
|
|
|
|
The version of client software does not support a feature enabled on the server.
You'll see this message if, for example, you connect a client device running version 4.x to a Mobility server that is licensed for the Policy Management module: the policy option was not offered until version 5.0.
|
63
|
|
|
|
The version of server software does not support a feature enabled on the client.
|
64
|
|
|
|
Unable to establish authenticated session. Check the Mobility server Event Log.
The event log is available from the Mobility console: click Events on the Server Status page.
|
65
|
|
|
|
Account has been locked out. Contact your system administrator.
The administrator has quarantined this client device or user:
|
66
|
|
|
|
Account has been disabled. Contact your system administrator.
|
67
|
|
|
|
Attempting to log on during restricted hours.
|
68
|
|
|
|
Reconnection initiated by the administrator.
The Mobility system administrator has forced the selected connection to terminate and the Mobility client to immediately reconnect using cached credentials. The administrator may do this to refresh settings or policies on the client device, which only occurs when the client connects to a server.
|
69
|
|
|
|
The client session no longer exists on the server.
This error is often the result of a duplicate PID, caused by ghosting (cloning); see technical note 1486 for more details.
|
70
|
|
|
|
Connection was forced to fail over by the administrator.
You'll see this message on the Mobility client when a system administrator terminates a connection and forces the Mobility client to attempt to connect to a failover server in the server pool. A forced failover might be done, for example, when a Mobility server is taken offline.
|
71
|
|
|
|
No connections are being accepted by the server.
The server's resources are exhausted: the maximum number of connections has been reached, or the system's resources—for example, CPU or non-paged memory—are used up. Alternatively, the server may be offline: check server status in the Mobility console.
|
72
|
|
|
|
Device or user has been quarantined and cannot access the network. Please contact your system administrator.
A Mobility client device or user that has been quarantined cannot connect to a Mobility server. The system administrator can quarantine a device class, device, user group, or individual user using the Mobility console.
|
73
|
|
|
|
Connection has been redirected.
If you are using a pool of Mobility servers, client devices can be redirected to a different server in the pool for failover or load balancing.
|
74
|
|
|
|
This device has been disabled because licenses have expired or been deleted. Please contact your system administrator.
|
75
|
|
|
|
Unspecified error.
|
76
|
|
|
|
Unspecified error.
|
78
|
|
|
|
Unspecified error.
|
79
|
|
|
|
Unspecified error. Failover to Alternate Server>
|
80
|
|
|
|
Unspecified error. Failover to Alternate Server>
|
81
|
|
|
|
Unspecified error.
|
82
|
|
|
|
Unspecified error. Failover to Alternate Server>
|
83
|
|
|
|
Unspecified error. Failover to Alternate Server
|
84
|
|
|
|
Unspecified error.
|
85
|
|
|
|
Unspecified error.
|
86
|
|
|
|
Unspecified error.
|
87
|
|
|
|
Unspecified error. Failover to Alternate Server
|
88
|
|
|
|
Unspecified error. Failover to Alternate Server
|
89
|
|
|
|
Unspecified error.
|
90
|
|
|
|
Unspecified error. Failover to Alternate Server
|
91
|
|
|
|
Unspecified error. Failover to Alternate Server
|
92
|
|
|
|
Mobility warehouse connection is down. Contact system administrator.
|
93
|
|
|
|
Mobility server cannot register new devices. Warehouse is read-only. Contact system administrator.
If the master warehouse fails, Mobility servers connected to that warehouse automatically fail over to a standby warehouse (the 'dedicated consumer' in Sun's terminology). While servers are connected to a standby warehouse, the Mobility XE system will continue to service existing connections and accept new ones. However, the standby warehouse is read-only, so the Mobility server will not be able to save modified settings or perform other tasks that involve writing to the warehouse.
|
94
|
|
|
|
This client is configured for a Mobility server address that is not in the External Server Addresses list. Contact your administrator to configure this setting in the Mobility Console.
(In version 6.01 and earlier, this setting was called Alternate Server Addresses.) See technical note 2164 for full details.
|
95
|
|
|
|
Server session no longer exists on client (probably due to failover).
|
96
|
|
|
|
Virtual adapter disabled (version 6.50 or later)
The NetMotion Mobility network interface is disabled. If it was temporarily disabled when you were installing third-party software, you may need to reboot the client device to re-enable Mobility.
|
97
|
|
|
|
Setup/upgrade in process. The Mobility client must be rebooted in order to reconnect.
|
98
|
|
|
|
Client established new connection from same device. A server session was terminated because the client has established a new connection from the same device.
|
99
|
|
|
|
Client incompatible with policy. This version of the Mobility client is incompatible with the current policy.
If you are implementing rule sets that use conditions or actions added in version 6.50, you have two choices regarding older clients: see technical note 2147.
|
100
|
|
|
|
Client not FIPS-enabled (version 6.60 or later)
This version of the Mobility client is incompatible with the server's FIPS security requirements.
|
101
|
|
|
|
There are currently no logon servers available to service the logon request.
The Mobility server was unable to connect to the authentication server (RADIUS, Active Directory, etc.) to authenticate the user.
|
102
|
|
|
|
Challenge to client has timed out.
|
103
|
|
|
|
The Mobility Warehouse connection is busy. Continuing trying to connect.
|
104
|
|
|
|
The RADIUS Authentication server quit responding. The RADIUS servers are either all offline or the domain is not recognized.
|
105
|
|
|
|
The client cannot be logged on because the RADIUS server does not support the configured EAP type. Contact your system administrator.
|
106
|
|
|
|
The client cannot be logged on because the RADIUS server does not support Identity Hiding and Mobility cannot establish the UserID. Contact your system administrator.
|
107
|
|
|
|
The client session was terminated. The server does not allow secondary users access to the VPN.
|
108
|
|
|
|
The client session was terminated. The connection owner has logged off.
|
109
|
|
|
|
The Mobility Client does not comply with Network Access Control Rules. For more information, go to Mobility Client Properties -> Details -> NAC Details.
The NAC Details screen provides information about the reason(s) the client device is out of compliance with its NAC ruleset.
|
110
|
|
|
|
The Mobility Client has been quarantined because it does not comply with Network Access Control Rules.
The NAC Details screen provides information about the reason(s) the client device is out of compliance with its NAC ruleset. After the device has been brought back into compliance, a Mobility system administrator will have to remove it from quarantine before it will be allowed to connect.
|
111
|
|
|
|
This version of the Mobility Client has been disallowed by the administrator. Contact your system administrator to upgrade to a supported version.
|
112
|
|
|
|
The Mobility Client is shutting down or restarting.
|
113
|
|
|
|
An authentication or configuration timeout occurred on the server during connection process.
|
115
|
|
|
|
Client session cleared because a newer session was found on another server.
While the client was out of range or otherwise out of contact with the server, it disconnected its current session and established a new session to another server in the pool. The older session with the first server was left in a stale state and was then removed.
|
