| 11033 (0x2B19) | WSA_IPSEC_NAME_POLICY_ERROR | Name based IPSEC policy could not be added. |
| 13800 (0x35E8) | ERROR_IPSEC_IKE_NEG_STATUS_BEGIN | ERROR_IPSEC_IKE_NEG_STATUS_BEGIN |
| 13820 (0x35FC) | ERROR_IPSEC_IKE_NO_PRIVATE_KEY | IKE negotiation failed because the machine certificate used does not have a private key. IPsec certificates require a private key. Contact your Network Security administrator about replacing with a certificate that has a private key. |
| 13855 (0x361F) | ERROR_IPSEC_IKE_SRVACQFAIL | Failed to obtain Kerberos server credentials for ISAKMP/ERROR_IPSEC_IKE service. Kerberos authentication will not function. The most likely reason for this is lack of domain membership. This is normal if your computer is a member of a workgroup. |
| 13856 (0x3620) | ERROR_IPSEC_IKE_SRVQUERYCRED | Failed to determine SSPI principal name for ISAKMP/ERROR_IPSEC_IKE service (QueryCredentialsAttributes). |
| 13857 (0x3621) | ERROR_IPSEC_IKE_GETSPIFAIL | Failed to obtain new SPI for the inbound SA from IPsec driver. The most common cause for this is that the driver does not have the correct filter. Check your policy to verify the filters. |
| 13860 (0x3624) | ERROR_IPSEC_IKE_ADD_UPDATE_KEY_FAILED | Failed to add Security Association to IPsec Driver. The most common cause for this is if the IKE negotiation took too long to complete. If the problem persists, reduce the load on the faulting machine. |
| 13887 (0x363F) | ERROR_IPSEC_IKE_CERT_CHAIN_POLICY_MISMATCH | Certificate doesn’t chain to a trusted root in IPsec policy. |
| 13895 (0x3647) | ERROR_IPSEC_IKE_QM_EXPIRED | Quick mode SA was expired by IPsec driver. |
| 13897 (0x3649) | ERROR_IPSEC_IKE_NEG_STATUS_END | ERROR_IPSEC_IKE_NEG_STATUS_END |
| 13909 (0x3655) | ERROR_IPSEC_IKE_NEG_STATUS_EXTENDED_END | ERROR_IPSEC_IKE_NEG_STATUS_EXTENDED_END |
| 13910 (0x3656) | ERROR_IPSEC_BAD_SPI | The SPI in the packet does not match a valid IPsec SA. |
| 13911 (0x3657) | ERROR_IPSEC_SA_LIFETIME_EXPIRED | Packet was received on an IPsec SA whose lifetime has expired. |
| 13912 (0x3658) | ERROR_IPSEC_WRONG_SA | Packet was received on an IPsec SA that does not match the packet characteristics. |
| 13914 (0x365A) | ERROR_IPSEC_INVALID_PACKET | IPsec header and/or trailer in the packet is invalid. |
| 13915 (0x365B) | ERROR_IPSEC_INTEGRITY_CHECK_FAILED | IPsec integrity check failed. |
| 13916 (0x365C) | ERROR_IPSEC_CLEAR_TEXT_DROP | IPsec dropped a clear text packet. |
| 13917 (0x365D) | ERROR_IPSEC_AUTH_FIREWALL_DROP | IPsec dropped an incoming ESP packet in authenticated firewall mode. This drop is benign. |
| 13918 (0x365E) | ERROR_IPSEC_THROTTLE_DROP | IPsec dropped a packet due to DoS throttling. |
| 13925 (0x3665) | ERROR_IPSEC_DOSP_BLOCK | IPsec DoS Protection matched an explicit block rule. |
| 13926 (0x3666) | ERROR_IPSEC_DOSP_RECEIVED_MULTICAST | IPsec DoS Protection received an IPsec specific multicast packet which is not allowed. |
| 13927 (0x3667) | ERROR_IPSEC_DOSP_INVALID_PACKET | IPsec DoS Protection received an incorrectly formatted packet. |
| 13928 (0x3668) | ERROR_IPSEC_DOSP_STATE_LOOKUP_FAILED | IPsec DoS Protection failed to look up state. |
| 13929 (0x3669) | ERROR_IPSEC_DOSP_MAX_ENTRIES | IPsec DoS Protection failed to create state because the maximum number of entries allowed by policy has been reached. |
| 13930 (0x366A) | ERROR_IPSEC_DOSP_KEYMOD_NOT_ALLOWED | IPsec DoS Protection received an IPsec negotiation packet for a keying module which is not allowed by policy. |
| 13931 (0x366B) | ERROR_IPSEC_DOSP_NOT_INSTALLED | IPsec DoS Protection has not been enabled. |
| 13932 (0x366C) | ERROR_IPSEC_DOSP_MAX_PER_IP_RATELIMIT_QUEUES | IPsec DoS Protection failed to create a per internal IP rate limit queue because the maximum number of queues allowed by policy has been reached. |
