VPN Client GUI Messages
Available Languages
Download Options
Updated:February 15, 2021
Document ID:48160
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Contents
Introduction
This document lists the VPN Client GUI error, reason, and warning messages along with a description/action. These messages are for use by Cisco Technical Support and Engineering Support.
The information enables the Cisco Technical Support engineer to resolve your problem faster and more efficiently when you open a Technical Support service request. It also further familiarizes you with the problem and the associated debugs to identify the problem source.
Prerequisites
Requirements
In order to benefit from these VPN Client GUI messages, you need access to your network and the ability to turn on debugs and capture output.
Components Used
This document is not restricted to specific software and hardware versions.
Conventions
For more information on document conventions, see the Cisco Technical Tips Conventions.
VPN Client GUI Messages
Errors
| Number | Message | Description or Action |
|---|---|---|
| 1 | The command line parameter %1 cannot be used in conjunction with the command line parameter %2. | The two command line parameters stated within quotation marks conflict with one another and cannot be used together in any given command line. |
| 2 | Invalid Connection Entry name. The Connection Entry name cannot contain any of the following characters... |
An invalid character was entered in the connection entry name field of the dialog for creating new, or modifying existing connection entries. |
| 3 | Invalid TCP port specified. Valid range is %1 to %2. | An invalid TCP port number was entered on the Transport tab of the dialog for creating new, or modifying existing connection entries. |
| 4 | Invalid Peer Response Timeout specified. Valid range is %1 to %2. | An invalid peer response timeout was entered on the Transport tab of the dialog for creating new, or modifying existing connection entries. |
| 5 | No hostname exists for this connection entry. Unable to make VPN connection. | A connection attempt was made using a connection entry that does not contain a host name/address entry. A host name or address must be specified in the connection entry in order to attempt a VPN connection. |
| 6 | The connection entry %1 does not exist. | The command line specified a connection entry that does not exist. |
| 7 | Group passwords do not match. Enter the same password in both text boxes. | The group authentication password fields on the Authentication tab of the dialog for creating new, or modifying existing connection entries, have different values. The Password and Confirm Password fields must contain the same values. |
| 8 | Unable to update Start Before Logon setting. | The VPN Client was unable to save the start before logon setting of the Windows Logon Properties dialog to the file vpnclient.ini. The file attributes may have been changed to read only or there may be a problem with the file system. |
| 9 | Unable to update Disconnect VPN connection when logging off setting. | The VPN Client was unable to save the Disconnect VPN connection when logging off setting of the Windows Logon Properties dialog to the file vpnclient.ini. The file attributes may have been changed to read only or there may be a problem with the file system. |
| 10 | Unable to update Allow launching of third party applications before logon setting. | The VPN Client was unable to save the Allow launching of third party applications before logon setting of the Windows Logon Properties dialog to the Windows registry. The user must have administrator privileges to save this setting, though the setting should be grayed out if this is not the case. There is likely a system problem with the registry. |
| 11 | Registration of CSGINA.DLL failed. | The VPN Client was unable to register its CSGINA.DLL with the Windows operating system. The DLL may have been altered or corrupted. |
| 12 | Unable to retrieve auto-initiation status. | The VPN Client was unable to retrieve the current status for determining if automatic VPN initiation must be initiated. The VPN Client service or daemon may be stopped, hung, or not running; or inter-process communication between the service/daemon and the GUI application may have failed. |
| 13 | Unable to update Automatic VPN Initiation Enable setting. | The VPN Client was unable to save the Automatic VPN Initiation Enable setting of the Automatic VPN Initiation dialog to the file vpnclient.ini. The file attributes may have been changed to read only or there may be a problem with the file system. |
| 14 | Unable to update Automatic VPN Initiation Retry Interval setting. | The VPN Client was unable to save the Automatic VPN Initiation Retry Interval setting of the Automatic VPN Initiation dialog to the file vpnclient.ini. The file attributes may have been changed to read only or there may be a problem with the file system. |
| 15 | Invalid Retry Interval specified. Valid range is %1 to %2. | An invalid retry interval was entered in the Automatic VPN Initiation Retry Interval field of the Automatic VPN Initiation dialog. The value must be within the range specified in the error message. |
| 16 | The connection entry %1 already exists. Choose a different name. | The user is attempting to create a new connection entry with the same name as an existing connection entry. |
| 17 | Unable to create connection entry. | The VPN Client was unable to save the new connection entry to a file on the hard drive. There may be a problem with the file system. |
| 18 | Unable to rename connection entry. | The VPN Client was unable to rename the connection entry. The new connection entry name may already exist, or there may be a problem with the file system. |
| 19 | Unable to save the modified connection entry. | The VPN Client was unable to save the modified connection entry to its file on the hard drive. The file attributes may have been changed to read only or there may be a problem with the file system. |
| 20 | Unable to duplicate connection entry. | The VPN Client was unable to duplicate the connection entry. The duplicate connection entry name may already exist or be too long, or there may be a problem with the file system. |
| 21 | Unable to delete connection entry %1. | The VPN Client was unable to delete the connection entry. The file containing the connection entry may no longer exist or may be protected, or there may be a problem with the file system. |
| 22 | Unable to import connection entry %1. | The VPN Client was unable to import the connection entry. The connection entry attempting to import may not exist. A connection entry with the same name as the entry being imported may already exist. There may be a problem with the file system. |
| 23 | Unable to erase encrypted password for connection entry %1. | The VPN Client was unable to erase the encrypted user password in the connection entry. The connection entry file attributes may have been changed to read only or there may be a problem with the file system. |
| 24 | Unable to update connection entry %1. | The VPN Client was unable to write the connection entry modifications to the connection entry's file on the hard drive. The file attributes may have been changed to read only or there may be a problem with the file system. |
| 25 | %1() for the short cut file %2 failed with %3h. | The function specified in the error message failed while attempting to create a short cut file to the VPN Client GUI for a particular connection entry. The hexadecimal number in the error message is the error returned by the function specified. |
| 26 | Unable to build a fully qualified file path while creating the short cut file %1. | The VPN Client was unable to build a fully qualified file path for the shortcut file. There may be a problem with the file system. |
| 27 | Unable to create the shortcut file %1. | The VPN Client was unable to get a pointer to the IShellLink interface from the system in order to create the shortcut file. |
| 28 | Reached end of log, no match found. | The VPN Client could not find a match for the search string in the log. |
| 29 | The third-party dial-up program could not be started. | The VPN Client was unable to launch the third-party dial-up program specified in the connection entry in order to establish a VPN connection. |
| 30 | The selected connection entry uses the Microsoft CryptoAPI certificate store. This connection entry can not be used until you have logged in to your workstation. | The user is attempting to establish a VPN connection before logon using a connection entry that is configured to use a Microsoft CryptoAPI certificate for authentication. Such a certificate cannot be used until after the user has logged into the workstation. |
| 31 | The certificate %1 associated with this Connection Entry no longer exists or failed to open. Please select another certificate. | The user is attempting to establish a VPN connection using a connection entry that is configured to use a certificate for authentication that does not exist or cannot be opened. |
| 32 | Unable to verify certificate %1. | The selected certificate could not be verified. Possible misconfiguration issue with the certificate authentication (CA) server. |
| 33 | Unable to delete certificate %1 from certificate store. | The VPN Client was unable to successfully delete the selected certificate from the certificate store. |
| 34 | Unable to show details for certificate %1. | The VPN Client was unable to successfully open and access the selected certificate in order to display the certificate's details. |
| 35 | Unable to export certificate. Invalid path %1. | The export path provided for the certificate is invalid. |
| 36 | Unable to export certificate %1. | The export source or destination for the certificate was invalid and the certificate could not be exported. |
| 37 | An export path must be specified. | The user did not provide a file path for exporting the selected certificate |
| 38 | Certificate passwords do not match. Enter the same password in both text boxes. | The Password and Confirm Password fields of the Export Certificate dialog must both contain the same values. |
| 39 | Unable to import certificate. | The VPN Client was unable to import the certificate. The file path for the certificate may be incorrect or there may be a problem with the file system. |
| 40 | An import path must be specified. | The user did not provide a file path for import a certificate. |
| 41 | Certificate passwords do not match. Enter the same password in both text boxes. | The New Password and Confirm Password fields of the Import Certificate dialog must both contain the same values. |
| 42 | Unable to create certificate enrollment request. | The VPN Client was unable to create an enrollment request to enroll the certificate with a certificate authority. |
| 43 | Certificate enrollment failed, or was not approved. | The certificate enrollment request failed or was not approved by the certificate authority. |
| 44 | Certificate is not valid, or not an online enrollment request. | The user attempted to resume enrollment of a certificate that is not valid or does not have a pending enrollment request. |
| 45 | Passwords do not match. Try again. | The value entered in the Confirm new password dialog did not match the value entered in the Enter new password dialog when attempting to change a certificate password. |
| 46 | Change password for certificate %1 failed. | The VPN Client was unable to change the password for the certificate. |
| 47 | Failed to load ipseclog.exe. | The VPN Client was unable to launch the ipseclog.exe application. Log messages will not be saved to the log file. |
| 48 | Unable to stop service/daemon. | The VPN Client was unable to stop the service/daemon. The service/daemon may be hung or there is a problem with the system's service/daemon management. |
| 49 | GI_VPNStop failed. Unable to disconnect. | The VPN Client failed to send a stop request for terminating the VPN connection to the service/daemon. The service/daemon may be stopped, hung, or not running. Communication with the service/daemon may have failed. |
| 50 | Service/daemon is not running. | The VPN Client service/daemon is not running. VPN connections cannot be established/terminated via the GUI. |
| 51 | IPC socket allocation failed with error %1h. | The VPN Client failed to create an inter-process communication socket in order to communicate with the service/daemon. VPN connections cannot be established/terminated via the GUI. Refer to Related Information for link to search on Cisco bug ID CSCed05004. |
| 52 | IPC socket deallocation failed with error %1h. | The VPN Client failed to close an inter-process communication socket that is used to communicate with the service/daemon while terminating. Subsequent use of the GUI may be unable to communicate with the service/daemon. |
| 53 | Secure connection to %1 was unexpectedly dropped. | The VPN connection was lost due to something other than termination by the VPN Client GUI. The connection could have been terminated by the user via the CLI, or internet connectivity may have been lost. |
| 54 | The authentication passwords do not match. Enter the same password in both text boxes. | The user was asked to enter a new authentication password in the extend authentication dialog and did not enter the same values into the New Password and Confirm Password fields. Both fields must contain the same values. |
| 55 | The authentication PINs do not match. Enter the same PIN in both text boxes. | The user was asked to enter a new authentication PIN in the extend authentication dialog and did not enter the same values into the New PIN and Confirm PIN fields. Both fields must contain the same values. |
| 56 | Unable to start the VPN connection. | The VPN Client failed to send a start request for establishing the VPN connection to the service/daemon. The service/daemon may be stopped, hung, or not running. Communication with the service/daemon may have failed. |
Reasons
| Number | Message | Description or Action |
|---|---|---|
| 401 | An unrecognized error occurred while establishing the VPN connection. | VPN connection was not established because of an unrecognized reason. Please check client logs for details. |
| 402 | The Connection Manager was unable to read the connection entry, or the connection entry has missing or incorrect information. | Either the connection profile is missing or does not have all the information. To fix this problem, you can either select another connection profile, or fix the current connection entry. Connection profiles are located in <client installation directory>profiles. On most machines, this is C:Program FilesCisco SystemsVPN Clientprofiles. To fix this problem, replace the connection profile file from the profiles directory. This file can be copied from a machine that has the correct entry of this file. |
| 403 | Unable to contact the security gateway. | This can happen because of multiple reasons. One of the reasons that users can get this message is because IKE negotiations failed. Check the client logs for details. |
| 404 | The remote peer terminated the connection during negotiation of security policies. | Check the remote peer (head-end) logs to determine the cause for this failure. |
| 405 | The remote peer terminated connection during user authentication. | This reason is not currently used. |
| 406 | Unable to establish a secure communication channel. | This reason is not currently used. |
| 407 | User authentication was cancelled by the user. | A user hit the cancel button (instead of OK) in the VPN Client user authentication dialog. |
| 408 | A VPN connection is already in the process of being established. | A connection is already in process. |
| 409 | A VPN connection already exists. | A VPN connection already exists. |
| 410 | The Connection Manager was unable to forward the user authentication request. | This is not currently used. |
| 411 | The remote peer does not support the required VPN Client protocol. | The remote peer is either not a Cisco device or it does not support the VPN Client protocol specification. |
| 412 | The remote peer is no longer responding. | The remote peer is not responding to the client's request to establish the connection. Make sure you can ping the remote peer, or check remote peer logs for why it is not responding to the client. |
| 413 | User authentication failed. | Either the user entered wrong user authentication information, or the client was not able to launch the XAuth (user authentication) process. |
| 414 | Failed to establish a TCP connection. | The VPN Client was not able to establish the TCP connection for IPSec over TCP connection mode. Please try IPSec over UDP or straight IPSec. Please look at client logs for details. |
| 415 | A required component PPPTool.exe is not present among the installed client software. | Please make sure that ppptool.exe is present in the client installation directory (this is generally C:Program FilesCisco SystemsVPN Client. If this file is not present, uninstall and reinstall the client. |
| 416 | Remote peer is load balancing. | The peer has advised you to use a different gateway. |
| 417 | The required firewall software is no longer running. | The required firewall is not running. |
| 418 | Unable to configure the firewall software. | The peer sent an unrecognized firewall message. |
| 419 | No connection exists. | This is an unexpected error. Please check client logs for details. |
| 420 | The application was unable to allocate some system resources and cannot proceed. | The system ran out of memory. If you think the system has enough memory, reboot the machine and try again. |
| 421 | Failed to establish a connection to your ISP. | Failed to establish a dialup connection. View the client logs for details. |
| 422 | Lost contact with the security gateway. Check your network connection. | The machine's IP address changed or the machine is no longer connected to the Internet. Note: The VPN Client is required to disconnect the VPN tunnel for security reasons, if the machines IP Address has changed. |
| 423 | Your VPN connection has been terminated. | Either the user disconnected the VPN tunnel, or there was an unexpected error. |
| 424 | Connectivity to Client Lost by Peer. | Connection disconnected by the peer. Check the peer logs for details. |
| 425 | Manually Disconnected by Administrator. | Administrator manually disconnected the VPN tunnel. |
| 426 | Maximum Configured Lifetime Exceeded. | The VPN Client exceeded the maximum configured lifetime for a session. This value is configured on the peer (head-end) device. |
| 427 | Unknown Error Occurred at Peer. | Peer disconnected tunnel. Check the peer logs for details. |
| 428 | Peer has been Shut Down. | Peer was shut down. |
| 429 | Unknown Severe Error Occurred at Peer. | Check the peer logs for details. |
| 430 | Configured Maximum Connection Time Exceeded. | VPN Client has been connected for longer than allowed by the peer. |
| 431 | Configured Maximum Idle Time for Session Exceeded. | The VPN connection was idle for longer than the time allowed by the administrator. |
| 432 | Peer has been Rebooted. | The peer has been rebooted. |
| 433 | Reason Not Specified by Peer. | The peer gave no reason for disconnecting the tunnel. Check the peer logs for details. |
| 434 | Policy Negotiation Failed. | Client and peer policies do not match. Try changing peer policies (try using 3DES, AES, and so forth) and then try again. |
| 435 | Firewall Policy Mismatch. | Firewall policies do not match with what was configured by the peer. |
| 436 | Certificates used have Expired. | The certificate used in the connection profile has expired. Update the certificate configured in the client profile, and then try again. |
| 437 | Bad parameter was provided. | Check spelling and syntax of profile or command line parameters. |
| 438 | Different components of the client can't communicate. Try stopping any personal firewalls that might be installed on the client machine, and then try again. | The VPN Client GUI uses ports to communicate with the VPN Client driver and service. Firewalls lie in between these two components and may block traffic. Allow all traffic to the 127.0.0.1 address. |
| 439 | Start the Cisco VPN Client Service. | This can be done by _net start cvpnd_ on command prompt, or by going to service manager and starting the VPN service. _net start cvpnd_ and _net stop cvpnd_ are used to start and stop the VPN service. The Windows system log may also be checked to see why the service might not have started. Note: Do not type the _ character when you enter these commands. |
| 440 | Cannot start the driver. Make sure DNE is installed correctly. Make sure that _cvpndrva_ is installed correctly. | Ensure that the DNE driver is loaded. Go to command prompt and type _net stop dne_. It should not be able to be stopped. However, if it cannot be found, then it is not installed. If installed, try _net stop cvpndrva_ and _net start cvpndrva_. This can't be done via service manager. Note: Do not type the _ character when you enter these commands. |
| 441 | Out of backup servers. Tried contacting all backup servers (if available), but still could not connect. | The VPN Client was unable to make contact with a head end device after checking all backup servers. Ensure connectivity and name resolution to head end devices from the workstation. |
| 442 | Failed to enable virtual adapter. | Attempt a reboot before trying again. Or go to network connection property pages and try to manually enable/disable the _Cisco Systems VPN Adapter_. Also try to add the following line to vpnclient.ini: [main] VAEnableAlt=0. |
| 443 | Smart card associated with the certificate was removed. Please re-insert the smart card. | Certificates residing outside the workstation must remain connected during the VPN Client session. |
Warnings
| Number | Message | Description or Action |
|---|---|---|
| 201 | The command line parameter %1 cannot be used in conjunction with the command line parameter %2. |
The two command line parameters stated within quotation marks conflict with one another and cannot be used together in any given command line. |
| 202 | If you disable this feature, the %1 will not automatically disconnect your VPN connection when you logoff. As a result, your computer may remain connected after logoff. | The user has disabled the Disconnect VPN connection when logging off setting of the Windows Logon Properties dialog. |
| 203 | You do not have write privileges for this connection entry. It will be opened read-only. | The user is attempting to modify a connection entry whose file attributes have been set to read only. |
| 204 | The certificate %1 associated with this Connection Entry could not be found. Please select a different certificate or click Cancel. | The user is attempting to modify a connection entry that has a certificate associated with it. But the certificate associated with the profile was not found. It could be that the certificate lives on a smart card which is not connected to the system right now. Therefore, hitting cancel is a valid option. |
| 205 | You must use a Smart Card with this connection. Please insert the Smart Card before attempting a connection. | This warning means that the current profile requires the use of smart card, and no smart card is present on the system. The user should insert the correct smart card and should re-connect, or the user should select a different profile to connect. |
Related Information
- Cisco Bug ID CSCed05004 (registered customers only)
- IPSec Negotiation/IKE Protocols Support Page
- Technical Support & Documentation - Cisco Systems
Contributed by
- nmehrotrcarunach
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)