Troubleshooting > Disconnect Reasons and Error Messages
  NetMotion

Disconnect Reasons and Error Messages

NetMotion Mobility disconnect errors occur when a client gets disconnected or is refused a connection. This section lists the possible disconnect errors, the accompanying message, and (in some cases) a more detailed description.

You may also see Microsoft Win32 error codes while you are using Mobility if, for example, you try to log on with an invalid password. Descriptions of the Windows-specific (Win32) error codes are available on the Microsoft web site:

http://msdn.microsoft.com/en-us/library/ms681382(VS.85).aspx

Error Code
State of
Mobility Client
Message /Description
1
 
Graceful disconnect
2
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
Terminated by Mobility server
The first time a Mobility client connects to a NetMotion Mobility server, the server registers the mobile device and assigns it a unique PID (permanent identification number). For Mobility clients running on Windows, the PID is stored in the system registry. Duplicate PIDs cause sessions to disconnect.
For information about clearing up “stale” sessions in the Mobility console, see Managing Duplicate Mobility Sessions.
3
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
Denied.
Indicates an RPC error at the IMP (Internet Mobility Protocol) layer. See Remote Procedure Call and Internet Mobility Protocols for a description of RPC and IMP.
4
 
Discarded.
The connection attempt was discarded because of an unexpected resource allocation failure during the connection process.
5
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
Invalid packet error.
The frame received was either fragmented or from an older session.
6
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
Timeout communicating with the Mobility server.
The Internet Mobility Protocol (IMP) session has timed out due to inactivity. The IMP compensates for differences between wireline and less reliable networks, and adjusted frame sizes and protocol timing reduce network traffic. It also provides a firewall function by giving only authenticated devices access to the enterprise network.
7
Failover
The client session was terminated due to lack of resources on the Mobility server. Contact the Mobility administrator.
The event log is available from the Mobility console: click Events on the Server Status page.
8
Disconnected
Credentials cleared
Failover
Link inactivity timeout.
Link inactivity is the length of time the Mobility server maintains a connection to an inactive Mobility client. Timeouts are set on the Client Settings page of the Mobility console.
9
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
IMP session timeout.
The Internet Mobility Protocol (IMP) session has timed out (the default timeout is 7 days). See error code 6 for a description of IMP.
10
 
Server network interface changed
This is a “soft” disconnect (clients will attempt to reconnect without user intervention.)
11
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
Connection was terminated by the Mobility administrator
12
 
PID accept.
When the Mobility client does not yet have a valid PID it generates a “pidgen” request and sends it to the Mobility server. If the PID is unique it is offered to the client, which returns a pidgen ACCEPT or REJECT.
13
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
PID reject.
See error code 12.
14
 
PID offer timeout.
The Mobility client's request for a PID from the server timed out; the session is closed.
15
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
Internal security error. Check event log.
Terminate the session and check the event log.
16
 
DHCP lease expiration.
The DHCP lease has expired for this session.
17
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
Connect data invalid
The packet’s data size was corrupted in transit.
18
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
User is not configured for Mobility registration privileges. Contact the Mobility administrator.
19
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
Invalid parameter.
20
 
Already assigned
When a Mobility client connects to a Mobility server for the first time, the server registers the mobile device and assigns it a unique, permanent identification (PID) number, which the client uses for all subsequent connections. This PID is already in use; see Managing Duplicate Mobility Sessions for remediation steps.
21
 
Machine name already exists.
The computer alias is already in use. For example, you logged in to one device as <domain name>\User1, the device was unexpectedly shut off, and you tried to log on to another computer with the same name.
22
 
Device group does not exist
The Mobility device group to which you were assigned has been deleted. Device groups are specified in the Mobility console (select Device Groups on the Configure menu).
23
Disconnected
Failover
(Windows) Network traffic is also blocked
Mobility server does not allow guest devices to connect.
(Mobility v5.01 and earlier.) In v6.00 and later, devices connecting to a Mobility server for the first time and devices that originally registered on a different Mobility server are assigned to the New device group by default.
24
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
User is not in the 'NetMotion Users' group. Contact the Mobility administrator.
(NTLM authentication only.) In order to be authenticated, a user must either belong to the NetMotion Users group or another domain group that the system administrator has set up. See Adding a Mobility User (NTLM Authentication) for more information.
25
Failover
System is out of memory.
26
Retry (reconnect)
More data.
27
Failover
No available virtual addresses
The Mobility server can be set up to assign virtual addresses to mobile devices from a pool of valid IP addresses set aside for this purpose. The addresses must meet the following requirements:
They are valid on your network
They do not duplicate the IP address of another computer
This error message indicates that all of the IP addresses in the pool are in use. See Setting up an IP Address Pool for details on creating a pool of IP addresses.
28
 
No such group.
The Mobility user or device group to which you were assigned has been deleted.
29
 
User or device already exists
Device already exists.
30
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
User name could not be authenticated.
This error occurs when an unauthorized user attempts to use a session. This can occur, for example, if you use RDP to connect to a computer running Mobility with user credentials that do not match yours.
31
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
Computer name could not be authenticated.
32
Disconnected
Failover
(Windows) Network traffic is also blocked
Invalid virtual address; not valid on any Mobility server subnet
To allocate Mobility client IP addresses from a virtual address pool you must specify both a virtual address range (or ranges) and the subnet mask that will be applied to the addresses in the pool. See Allocating Mobility Client IP Addresses from a Virtual Address Pool for more information.
33
 
The Mobility server failed to get a virtual address due to a DHCP timeout; the DHCP server is not responding.
34
(Windows) Network traffic is blocked
No Mobility server address could be obtained from DHCP.
35
Credentials cleared
User has logged off.
36
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
Device did not respond to roaming security check.
The Mobility client has failed to respond to a security challenge from the server after the client roamed from one network or subnet to another. This error message appears only if encryption is disabled.
37
 
Unknown error.
38
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
Application inactivity timeout
A period of inactivity has terminated the connection. Application inactivity is the length of time the Mobility server maintains a connection to a Mobility client that is in range but during which no application traffic is sent to or received from the mobile device. Timeouts are set on the Client Settings page of the Mobility console.
39
 
Timeout waiting to connect.
40
 
Never been connected.
When a Mobility client connects to a Mobility server for the first time, the server registers the mobile device and assigns it a unique, permanent identification (PID) number, which the client uses for all subsequent connections. This client has not previously connected to a Mobility server and does not have a PID.
41
Failover
The virtual address is in use by another host; contact the Mobility administrator.
This message appears when another computer on the network is assigned the same VIP address. This may be caused by:
Overlapping IP address ranges in the pool of virtual addresses
Duplicate static IP assignment for multiple devices
Overlapping ranges on a DHCP server
A rogue DHCP server
A DHCP server that has lost its lease database
For IP address assignment options, see Assigning IP Addresses to Mobility Clients.
42
Failover
The Mobility server has been shut down by the Mobility administrator.
43
 
The Mobility server has been unloaded by the Mobility administrator.
44
Disconnected
Failover
(Windows) Network traffic is also blocked
This version of the Mobility server is not compatible with the client.
This error can occur in these situations:
When a client is not supported on the Mobility server to which it is trying to connect. This is the error you see, for example, if a Mobility v10 client running Windows 8 or Android tries to connect to a Mobility server running v9.5x.
When a client is subscribed to a Policy Management rule set that it cannot support. Use the Compatibility check option to specify what to do when a client cannot support a policy rule set. See Editing and Ordering a Policy Rule Set or Editing a Network Access Control Rule Set.
45
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
Invalid security message.
A security message is part of the authentication of users, re-authentication after roaming, and a cryptographic exchange for an encrypted session. This error message will appear if it has been corrupted or altered in any way.
This disconnect also occurs when a user's cached password is no longer valid. For example, if a user has changed the password on one computer, and then logs on to another, previously used computer, Mobility will use the cached (and now outdated) password during reauthentication. For Windows clients, see How the Windows and Mobility Logons Interact for more information.
46
 
The DHCP request for a new lease was denied.
47
Disconnected
(Windows) Network traffic is also blocked
The evaluation period for this installation has expired
48
 
This demo installation is about to expire
49
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
The configured Data Protection Class is not supported.
There is a mismatch between the security settings on the Mobility server and client (for example, the client is set to Triple-DES and the server is using AES).
50
 
Manual Disconnect.
The Mobility client user manually disconnected from the Mobility server; the mobile VPN is off.
51
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
User disconnected.
52
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
The Mobility server refused a non-secure connection. You must have a secure Mobility client to connect to this server.
53
 
The configured Data Compression Class is not supported.
54
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
Security check failed: data has been modified in transit.
55
 
Client inactivity.
56
 
Password expired.
57
Failover
(Windows) Network traffic is also blocked
You have exceeded the license limit for devices registered in the Mobility server pool. Notify the Mobility administrator.
See Removing Unused Devices for instructions on how to clean up unused devices on the Mobility server.
58
 
Failover to alternate server.
If a Mobility server fails, Mobility clients will automatically try to connect to an alternate server in the server pool. Although server failover does not provide session persistence, it allows the client to easily reestablish network connectivity. See How Failover Works for more information.
59
 
Invalid duplicate virtual IP address; another client session already has this address. Check the server's configuration.
This error occurs when clients that are connecting to the same Mobility server share the same address. See Troubleshooting an Invalid Duplicate Virtual Address for steps on resolving this error.
60
Disconnected
(Windows) Network traffic is also blocked
Client time may be out of sync with server time. Check the client date, time, and time zone settings and try again.
If the Mobility server is using NTLM for user authentication, confirm that the system date and time on the Mobility client device is within 30 minutes of the time on the Mobility server. Set the time and time zone for the client's geographical location; the server allows for time zone differences.
61
Disconnected
(Windows) Network traffic is also blocked
Authentication mode or protocol is invalid. Contact the Mobility administrator.
Mobility can use various authentication protocols (NTLM, RSA SecurID, RADIUS - LEAP, or RADIUS - EAP (PEAP and EAP-TLS) to validate the credentials of Mobility users. Authentication - Protocol is configured on the Authentication Settings page of the Mobility console.
62
Disconnected
Failover
(Windows) Network traffic is also blocked
The version of client does not support a feature enabled on the server.
You'll see this message if, for example, a client device running Mobility version 8.51 tries to connect to a server for which the client setting Authentication - Mode is set to Unattended. (Unattended mode was added in Mobility v9.0.)
63
Disconnected
Failover
(Windows) Network traffic is also blocked
The version of server does not support a feature enabled on the client.
64
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
Unable to establish authenticated session. Contact the Mobility administrator.
Unable to establish authenticated session. Check the domain membership of the Mobility server (has it expired?). If you are running Mobility on a virtual system, check the virtual image (is it current?). Check the Mobility server event log, available from the Mobility console (click Events on the Server Status page). See Event Log Page for more information.
65
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
Account has been locked out. Contact the Mobility administrator.
The administrator has quarantined this client device or user:
A quarantined user will be unable to connect with any Mobility client.
A quarantined device will be unable to connect even if the user has valid credentials and has not been quarantined.
66
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
Account has been disabled. Contact the Mobility administrator.
67
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
Attempting to log on during restricted hours.
68
 
Reconnection initiated by the Mobility administrator.
The Mobility administrator has forced the selected connection to terminate and the Mobility client for Windows to immediately reconnect using cached credentials. The administrator may do this to refresh settings or policies on the client device, which only occurs when the client connects to a server.
This disconnect reason is not displayed on the Mobility client for iPhone, iPad, or Android.
69
 
The client session no longer exists on the server.
This error is often the result of a duplicate PID, caused by ghosting (cloning). See Cloning Client Configuration for more information. For information about clearing up “stale” sessions in the Mobility console, see Managing Duplicate Mobility Sessions.
70
Failover
Connection was forced to fail over by the Mobility administrator.
You'll see this message on the Mobility client when a Mobility administrator terminates a connection and forces the Mobility client to attempt to connect to a failover server in the server pool. A forced failover might be done, for example, when a Mobility server is taken offline.
71
Failover
No connections are being accepted by the server.
There are several possible reasons for this error:
The server is offline: check server status in the Mobility console.
The maximum number of connections has been reached.
The server's resources—for example, CPU or non-paged memory—are exhausted.
72
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
Device or user has been quarantined and cannot access the network. Contact the Mobility administrator.
A Mobility client device or user that has been quarantined cannot connect to a Mobility server. The Mobility administrator can quarantine a device group, device, user group, or individual user using the Mobility console.
73
Disconnected
(Windows) Network traffic is also blocked
Connection has been redirected.
If you are using a pool of Mobility servers, client devices can be redirected to a different server in the pool for failover or load balancing.
74
Disconnected
(Windows) Network traffic is also blocked
This device has been disabled because licenses have expired or been deleted. Contact the Mobility administrator.
75
Disconnected
(Windows) Network traffic is also blocked
Unspecified error.
This error message sometimes appears when the Mobility client is running an earlier version of Mobility than the server, and the server is handling an error that did not exist in the client’s version of Mobility.
76
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
Unspecified error.
This error message sometimes appears when the Mobility client is running an earlier version of Mobility than the server, and the server is handling an error that did not exist in the client’s version of Mobility.
78
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
Unspecified error.
This error message sometimes appears when the Mobility client is running an earlier version of Mobility than the server, and the server is handling an error that did not exist in the client’s version of Mobility.
79
Disconnected
Credentials cleared
Failover
(Windows) Network traffic is also blocked
Unspecified error. Fail over to alternate server.
This error message sometimes appears when the Mobility client is running an earlier version of Mobility than the server, and the server is handling an error that did not exist in the client’s version of Mobility.
80
Disconnected
Credentials cleared
Failover
(Windows) Network traffic is also blocked
Unspecified error. Fail over to alternate server.
This error message sometimes appears when the Mobility client is running an earlier version of Mobility than the server, and the server is handling an error that did not exist in the client’s version of Mobility.
81
Disconnected
(Windows) Network traffic is also blocked
Unspecified error.
This error message sometimes appears when the Mobility client is running an earlier version of Mobility than the server, and the server is handling an error that did not exist in the client’s version of Mobility.
82
Disconnected
Failover
(Windows) Network traffic is also blocked
Unspecified error. Fail over to alternate server.
This error message sometimes appears when the Mobility client is running an earlier version of Mobility than the server, and the server is handling an error that did not exist in the client’s version of Mobility.
83
Failover
(Windows) Network traffic is also blocked
Unspecified error. Fail over to alternate server.
This error message sometimes appears when the Mobility client is running an earlier version of Mobility than the server, and the server is handling an error that did not exist in the client’s version of Mobility.
84
 
Unspecified error.
This error message sometimes appears when the Mobility client is running an earlier version of Mobility than the server, and the server is handling an error that did not exist in the client’s version of Mobility.
85
Credentials cleared
Unspecified error.
This error message sometimes appears when the Mobility client is running an earlier version of Mobility than the server, and the server is handling an error that did not exist in the client’s version of Mobility.
86
Credentials cleared
Unspecified error.
This error message sometimes appears when the Mobility client is running an earlier version of Mobility than the server, and the server is handling an error that did not exist in the client’s version of Mobility.
87
Credentials cleared
Failover
Unspecified error. Fail over to alternate server.
This error message sometimes appears when the Mobility client is running an earlier version of Mobility than the server, and the server is handling an error that did not exist in the client’s version of Mobility.
88
Credentials cleared
Unspecified error. Fail over to alternate server.
This error message sometimes appears when the Mobility client is running an earlier version of Mobility than the server, and the server is handling an error that did not exist in the client’s version of Mobility.
89
 
Unspecified error.
This error message sometimes appears when the Mobility client is running an earlier version of Mobility than the server, and the server is handling an error that did not exist in the client’s version of Mobility.
90
Failover
Unspecified error.
This error message sometimes appears when the Mobility client is running an earlier version of Mobility than the server, and the server is handling an error that did not exist in the client’s version of Mobility.
91
Failover
Unspecified error. Fail over to alternate server.
This error message sometimes appears when the Mobility client is running an earlier version of Mobility than the server, and the server is handling an error that did not exist in the client’s version of Mobility.
92
Failover
Mobility warehouse connection is down. Contact the Mobility administrator.
93
Failover
Mobility server cannot register new devices because the warehouse is read-only. Contact the Mobility administrator.
If the primary warehouse fails, Mobility servers connected to that warehouse automatically fail over to a standby warehouse (the dedicated consumer in Oracle Directory Server terminology). While servers are connected to a standby warehouse, the Mobility system will continue to service existing connections and accept new ones. However, the standby warehouse is read-only, so the Mobility server will not be able to save modified settings or perform other tasks that involve writing to the warehouse.
94
Disconnected
(Windows) Network traffic is also blocked
This client is configured for a Mobility server that is not in the External Server Addresses list. The Mobility administrator must configure this setting in the Mobility console.
See Connecting to the Mobility Server Using its NAT Address for steps on resolving this error.
95
 
The server session no longer exists on the client (probably due to failover).
96
Disconnected
(Windows) Network traffic is also blocked
The Mobility network interface is disabled. If it was temporarily disabled during third-party software installation, you may need to restart the client device to re-enable Mobility.
The NetMotion Mobility network interface is disabled. If it was temporarily disabled when you were installing third-party software, you may need to reboot the client device to re-enable Mobility.
97
(Windows) Network traffic is also blocked
Setup/upgrade in process. The Mobility client must be restarted in order to reconnect.
98
 
A server session was terminated because the client has established a new connection from the same device.
99
Disconnected
(Windows) Network traffic is also blocked
This Mobility client is incompatible with current NAC/policy.
See Version and Operating System Compatibility for specifying what to do in the event of a version or operating system mismatch.
100
Disconnected
(Windows) Network traffic is also blocked
This version of the Mobility client is incompatible with FIPS security requirements.
The FIPS security requirements of the Mobility server are not being met by this client. See Requiring FIPS-Compliant Encryption for information about enforcing FIPS compliance.
101
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
There are currently no logon servers available to service the logon request.
The Mobility server was unable to connect to the authentication server (for example, RADIUS or Active Directory) to authenticate the user.
102
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
Challenge to client has timed out.
103
 
The Mobility warehouse connection is busy. Continuing to try to connect.
104
Credentials cleared
The RADIUS authentication server quit responding. The RADIUS servers are either all offline or the domain is not recognized.
The RADIUS authentication server didn't respond within the allotted time. This could be due to network delay, a RADIUS server that is either slow to respond or offline, or an unrecognized domain.
For example, if a RADIUS server is configured to only authenticate a valid user certificate for an account in domain A, it will stop responding (and Mobility will show disconnect reason 104) if the certificate is for an account in domain B.
105
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
The client cannot be logged on because the RADIUS server does not support the configured EAP type. Contact the Mobility administrator.
106
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
The client cannot be logged on because the RADIUS server does not support Identity Hiding and Mobility cannot establish the UserID. Contact the Mobility administrator.
107
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
The client session was terminated. You have encountered a VPN access limitation that applies to secondary users.
You cannot have multiple connections to the Mobility server from the same computer. Check for additional sessions (open Task Manager and go to the Users tab) and disconnect them. In addition, if you are using RDP and a Mobility client is connected, only one RDP session is allowed; see Using RDP to Connect to a Mobility Client for more information.
108
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
The client session was terminated. The connection owner has logged off.
109
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
The Mobility client does not comply with Network Access Control Rules.
Windows only: Running a report on the client (Status > Logs, with Verbose information selected) provides information about the reason(s) the client device is out of compliance with its NAC rule set.
110
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
The Mobility client has been quarantined because it does not comply with Network Access Control rules.
After the device has been brought back into compliance, a Mobility administrator must remove it from quarantine before it is allowed to connect.
Windows only: Running a report on the client (Status > Logs, with Verbose information selected) provides information about the reason(s) the client device is out of compliance with its NAC rule set.
111
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
This version of the Mobility client has been disallowed by the Mobility administrator. Contact the administrator to upgrade to a supported version.
When you create a policy rule you can make its activation depend on a comparison between the version of the Mobility client on the mobile device, and a version you specify. See Policy Rule Condition: Version for more information.
112
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
The Mobility client is shutting down or restarting.
113
Disconnected
Credentials cleared
An authentication or configuration timeout occurred on the server during the connection process.
See Setting Timeouts to Optimize Bandwidth Use for a summary of configurable timeouts.
114
 
A newer session has been opened on another Mobility server.
115
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
Client session cleared because a newer session was found on another server.
While the client was out of range or otherwise out of contact with the server, it disconnected its current session and established a new session to another server in the pool. The older session with the first server was left in a stale state and was then removed.
116
(Windows) Network traffic is also blocked
The Mobility warehouse has received an internal error - the disk may be full.
Mobility warehouse has received an internal error. Check to see if the disk is full.
118
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
The device authenticated with the same certificate identity as another device in the system. Contact the Mobility administrator.
See Authentication Using RADIUS for more information about certificates and configuring RADIUS.
119
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
The device authenticated with a different certificate identity than is allowed and may not connect to the Mobility server. Contact the Mobility administrator.
The device authenticated with a different certificate identity than is allowed and may not connect to the Mobility server. See Authentication Using RADIUS for more information about certificates and configuring RADIUS.
120
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
This is not an authorized device for this user. Contact the Mobility administrator for an authorized device.
This is not an authorized device for this user.
121
Credentials cleared
Authentication cannot proceed without user interaction.
122
 
Authentication mode negotiated to include device authentication.
For more information see About Device Authentication in Mobility.
123
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
Authentication mode negotiated to include device authentication.
For more information see About Device Authentication in Mobility.
124
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
Authentication mode negotiation failed.
For example, a Mobility client running on Android does not support device authentication. It will be disconnected (with an error code of 61) if its Authentication mode is set to Multi-factor or Unattended.
125
 
Authentication mode negotiated to use 'User authentication only'.
See Configuring Client Authentication for more information.
126
Disconnected
User-initiated disconnect.
When users click Disconnect, they must reauthenticate to the Mobility server before network communication is reestablished. (When Mobility is in passthrough mode, reconnecting does not require reauthenticating.)
127
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
User reauthentication has timed out.
User reauthentication has timed out. See Configuring User Reauthentication for information on configuring a reauthentication interval and grace period.
128
(Windows) Network traffic is also blocked
The server's identity could not be validated.
129
 
The unattended VPN session was disconnected before permitting an unauthenticated Mobility user to proceed to the desktop.
Indicates that a user has arrived at the Windows desktop without having authenticated properly. For example, if the standard Microsoft GINA (the graphical interface and authentication dialog) has been replaced by another logon dialog box, Mobility cannot authenticate that user. In this situation, the Mobility session is ended and the user must re-authenticate.
130
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
No root certificate installed to validate this authenticator. Contact the Mobility administrator.
There is no root certificate installed to validate this authenticator. See Authentication Using RADIUS for more information about certificates and configuring RADIUS.
131
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
The RADIUS server certificate is expired. Check the device date and time or contact the Mobility administrator.
132
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
The root certificate validating this authenticator has been disallowed by Mobility configuration.
The root certificate validating this authenticator has been disallowed by Mobility configuration. See Configuring Server Certificates on the Mobility Client (Windows) for more information.
133
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
The RADIUS server certificate does not contain the host name specified in Mobility configuration.
134
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
The RADIUS server certificate cannot be validated.
If you have older (pre-v11) Mobility clients running on Android, make sure that the RADIUS certificate has an EKU (Extended Key Usage) of server authentication.
Another workaround for disconnect reason 134 is not recommended, but can be used for a client that is not being used in production: temporarily clear the option on the Mobility client to validate the server certificate.
See Authentication Using RADIUS for more information about certificates and configuring RADIUS.
135
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
The RADIUS server certificate has been revoked.
 
136
 
The unattended VPN session was disconnected before permitting a user, configured for user certificate authentication, to proceed to the desktop. User certificate authentication requires the user to be at the desktop to authenticate. However, an unattended session cannot persist with a user at the desktop that has not authenticated yet.
To reestablish the session, the user can select the Mobility icon in the system tray and click Connect.
137
Disconnected
(Windows) Network traffic is also blocked
A spew session's authentication failed. The session will be disconnected because there is no way to enter alternate credentials.
(Internal message.) A testing session's authentication failed. Being disconnected, because there is no means to enter alternate credentials.
138
Disconnected
Credentials cleared
(Windows) Network traffic is also blocked
The client session was terminated due to lack of client resources.
139
(Windows) Network traffic is also blocked
Active device or user has been quarantined and cannot access the network. Contact the Mobility administrator.
If you quarantine a device or user from the Devices or Users page of Client Settings, the Mobility server imposes the quarantine the next time the device or user attempts to connect. The server does not terminate existing connections, but the quarantined user or device is not allowed to establish a new connection.
To immediately terminate an active session and prevent the user or device from establishing new Mobility connections, apply a quarantine from the Connection List page. If a user is connected with more than one device, only selected connections are terminated.
140
(Windows) Network traffic is also blocked
Device authentication required. The client must have a valid device certificate.
Mobility is configured to perform device authentication but the client does not have a valid device certificate. A device certificate contains the identity of the computer being validated, other identifying attributes, and a public key that is signed by a CA. See Configuring Certificates on the Client for more information.
This disconnect reason can also indicate that the Mobility client is running on a pre-4.2 version of the Android operating system (to use personal certificates on an Android device, you must be running version 4.2 or later).
141
Disconnected
(Windows) Network traffic is also blocked
Proxied network connection limit exceeded. Contact the Mobility administrator.
The Mobility server enforces a per-client limit on the number of allocated sockets and it disconnects any client that exceeds the limit. Two warning events are logged as a client approaches the socket limit, and an error is logged when the client exceeds the limit.
If you encounter any object limit messages in your event log contact Technical Support for assistance in identifying and correcting any client application problems.
142
Disconnected
(Windows) Network traffic is also blocked
Cipher suite negotiation failed. Server could not resolve a set of suites.
When FIPS-compliant encryption is required, Mobility client users on macOS will see this error if the Mobility server to which they are connecting is not v11 or later. Version 11 has a cipher suite for macOS that does not exist in earlier versions of Mobility.
143
Disconnected
(Windows) Network traffic is also blocked
The server's crypto modules are not listed as compatible with FIPS security requirements.
The Mobility server's cryptographic modules are not listed as compatible with the FIPS security requirements. See Specifying FIPS-Validated Modules for information about specifying cryptographic modules in the Mobility console.
144
Disconnected
(Windows) Network traffic is also blocked
Required Suite B cryptographic algorithms are unavailable on this client and/or the Mobility server.
Suite B is an NSA-approved suite of security algorithms.
145
(Windows) Network traffic is also blocked
Smart card used for authentication has been removed.
146
Disconnected
Credentials cleared
Invalid username or password; dialogs are disabled.
(Windows client only) The Mobility client is configured to not display any dialogs. An invalid user name or password has been passed to the client using on of these methods:
The first time users log on to Windows after installing the Mobility client, Mobility tries to authenticate them using their Windows credentials.
Mobility is using the credentials for the most recent, successful logon.
A program using the Mobility client API is passing invalid credentials.
147
Disconnected
Credentials cleared
Password has expired; dialogs are disabled.
(Windows client only) The Mobility client is configured to not display any dialogs. An expired password has been passed to the client using one of these methods:
The first time users log on to Windows after installing the Mobility client, Mobility tries to authenticate them using their Windows credentials.
Mobility is using the password for the most recent, successful logon.
A program using the Mobility client API is passing an expired password.

 



©2017 NetMotion Wireless, Inc. | NetMotion Mobility® Server v11