FACILITY_SSPI: the Security API layer.

The source of the error code is the Security API layer.^[1][2]

• 0xC0090001: The specified event is currently not being audited.^[2]
• 0xC0090002: The SID filtering operation removed all SIDs.^[2]
• 0xC0090003: Business rule scripts are disabled for the calling application.^[2]
• 0x80090001: Bad UID.^[2]
• 0x80090002: Bad Hash.^[2]
• 0x80090003: Bad Key.^[2]
• 0x80090004: Bad Length.^[2]
• 0x80090005: Bad Data.^[2]
• 0x80090006: Invalid Signature.^[2]
• 0x80090007: Bad Version of provider.^[2]
• 0x80090008: Invalid algorithm specified.^[2]
• 0x80090009: Invalid flags specified.^[2]
• 0x8009000A: Invalid type specified.^[2]
• 0x8009000B: Key not valid for use in specified state.^[2]
• 0x8009000C: Hash not valid for use in specified state.^[2]
• 0x8009000D: Key does not exist.^[2]
• 0x8009000E: Insufficient memory available for the operation.^[2]
• 0x8009000F: Object already exists.^[2]
• 0x80090010: Access denied.^[2]
• 0x80090011: Object was not found.^[2]
• 0x80090012: Data already encrypted.^[2]
• 0x80090013: Invalid provider specified.^[2]
• 0x80090014: Invalid provider type specified.^[2]
• 0x80090015: Provider's public key is invalid.^[2]
• 0x80090016: Keyset does not exist^[2]
• 0x80090017: Provider type not defined.^[2]
• 0x80090018: Provider type as registered is invalid.^[2]
• 0x80090019: The keyset is not defined.^[2]
• 0x8009001A: Keyset as registered is invalid.^[2]
• 0x8009001B: Provider type does not match registered value.^[2]
• 0x8009001C: The digital signature file is corrupt.^[2]
• 0x8009001D: Provider DLL failed to initialize correctly.^[2]
• 0x8009001E: Provider DLL could not be found.^[2]
• 0x8009001F: The Keyset parameter is invalid.^[2]
• 0x80090020: An internal error occurred.^[2]
• 0x80090021: A base error occurred.^[2]
• 0x80090022: Provider could not perform the action since the context was acquired as silent.^[2]
• 0x80090023: The security token does not have storage space available for an additional container.^[2]
• 0x80090024: The profile for the user is a temporary profile.^[2]
• 0x80090025: The key parameters could not be set because the CSP uses fixed parameters.^[2]
• 0x80090026: The supplied handle is invalid.^[2]
• 0x80090027: The parameter is incorrect.^[2]
• 0x80090028: The buffer supplied to a function was too small.^[2]
• 0x80090029: The requested operation is not supported.^[2]
• 0x8009002A: No more data is available.^[2]
• 0x8009002B: The supplied buffers overlap incorrectly.^[2]
• 0x8009002C: The specified data could not be decrypted.^[2]
• 0x8009002D: An internal consistency check failed.^[2]
• 0x8009002E: This operation requires input from the user.^[2]
• 0x8009002F: The cryptographic provider does not support HMAC.^[2]
• 0x80090030: The device that is required by this cryptographic provider is not ready for use.^[2]
• 0x80090031: The dictionary attack mitigation is triggered and the provided authorization was ignored by the provider.^[2]
• 0x80090032: The validation of the provided data failed the integrity or signature validation.^[2]
• 0x80090033: Incorrect password.^[2]
• 0x80090034: Encryption failed.^[2]
• 0x80090035: The device that is required by this cryptographic provider is not found on this platform.^[2]
• 0x80090036: The action was cancelled by the user.^[2]
• 0x80090037: The password is no longer valid and must be changed.^[2]
• 0x80090038: The operation cannot be completed from Terminal Server client sessions.^[2]
• 0x80090300: Not enough memory is available to complete this request^[2]
• 0x80090301: The handle specified is invalid^[2]
• 0x80090302: The function requested is not supported^[2]
• 0x80090303: The specified target is unknown or unreachable^[2]
• 0x80090304: The Local Security Authority cannot be contacted^[2]
• 0x80090305: The requested security package does not exist^[2]
• 0x80090306: The caller is not the owner of the desired credentials^[2]
• 0x80090307: The security package failed to initialize, and cannot be installed^[2]
• 0x80090308: The token supplied to the function is invalid^[2]
• 0x80090309: The security package is not able to marshall the logon buffer, so the logon attempt has failed^[2]
• 0x8009030A: The per-message Quality of Protection is not supported by the security package^[2]
• 0x8009030B: The security context does not allow impersonation of the client^[2]
• 0x8009030C: The logon attempt failed^[2]
• 0x8009030D: The credentials supplied to the package were not recognized^[2]
• 0x8009030E: No credentials are available in the security package^[2]
• 0x8009030F: The message or signature supplied for verification has been altered^[2]
• 0x80090310: The message supplied for verification is out of sequence^[2]
• 0x80090311: No authority could be contacted for authentication.^[2]
• 0x00090312: The function completed successfully, but must be called again to complete the context^[2]
• 0x00090313: The function completed successfully, but CompleteToken must be called^[2]
• 0x00090314: The function completed successfully, but both CompleteToken and this function must be called to complete the context^[2]
• 0x00090315: The logon was completed, but no network authority was available. The logon was made using locally known information^[2]
• 0x80090316: The requested security package does not exist^[2]
• 0x80090317: The context has expired and can no longer be used.^[2]
• 0x00090317: The context has expired and can no longer be used.^[2]
• 0x80090318: The supplied message is incomplete. The signature was not verified.^[2]
• 0x80090320: The credentials supplied were not complete, and could not be verified. The context could not be initialized.^[2]
• 0x80090321: The buffers supplied to a function was too small.^[2]
• 0x00090320: The credentials supplied were not complete, and could not be verified. Additional information can be returned from the context.^[2]
• 0x00090321: The context data must be renegotiated with the peer.^[2]
• 0x80090322: The target principal name is incorrect.^[2]
• 0x00090323: There is no LSA mode context associated with this context.^[2]
• 0x80090324: The clocks on the client and server machines are skewed.^[2]
• 0x80090325: The certificate chain was issued by an authority that is not trusted.^[2]
• 0x80090326: The message received was unexpected or badly formatted.^[2]
• 0x80090327: An unknown error occurred while processing the certificate.^[2]
• 0x80090328: The received certificate has expired.^[2]
• 0x80090329: The specified data could not be encrypted.^[2]
• 0x80090330: The specified data could not be decrypted.^[2]
• 0x80090331: The client and server cannot communicate, because they do not possess a common algorithm.^[2]
• 0x80090332: The security context could not be established due to a failure in the requested quality of service (e.g. mutual authentication or delegation).^[2]
• 0x80090333: A security context was deleted before the context was completed. This is considered a logon failure.^[2]
• 0x80090334: The client is trying to negotiate a context and the server requires user-to-user but didn't send a TGT reply.^[2]
• 0x80090335: Unable to accomplish the requested task because the local machine does not have any IP addresses.^[2]
• 0x80090336: The supplied credential handle does not match the credential associated with the security context.^[2]
• 0x80090337: The crypto system or checksum function is invalid because a required function is unavailable.^[2]
• 0x80090338: The number of maximum ticket referrals has been exceeded.^[2]
• 0x80090339: The local machine must be a Kerberos KDC (domain controller) and it is not.^[2]
• 0x8009033A: The other end of the security negotiation is requires strong crypto but it is not supported on the local machine.^[2]
• 0x8009033B: The KDC reply contained more than one principal name.^[2]
• 0x8009033C: Expected to find PA data for a hint of what etype to use, but it was not found.^[2]
• 0x8009033D: The client certificate does not contain a valid UPN, or does not match the client name in the logon request. Please contact your administrator.^[2]
• 0x8009033E: Smartcard logon is required and was not used.^[2]
• 0x8009033F: A system shutdown is in progress.^[2]
• 0x80090340: An invalid request was sent to the KDC.^[2]
• 0x80090341: The KDC was unable to generate a referral for the service requested.^[2]
• 0x80090342: The encryption type requested is not supported by the KDC.^[2]
• 0x80090343: An unsupported preauthentication mechanism was presented to the Kerberos package.^[2]
• 0x80090345: The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation.^[2]
• 0x80090346: Client's supplied SSPI channel bindings were incorrect.^[2]
• 0x80090347: The received certificate was mapped to multiple accounts.^[2]
• 0x80090348: SEC_E_NO_KERB_KEY^[2]
• 0x80090349: The certificate is not valid for the requested usage.^[2]
• 0x80090350: The system cannot contact a domain controller to service the authentication request. Please try again later.^[2]
• 0x80090351: The smartcard certificate used for authentication has been revoked. Please contact your system administrator. There may be additional information in the event log.^[2]
• 0x80090352: An untrusted certificate authority was detected while processing the smartcard certificate used for authentication. Please contact your system administrator.^[2]
• 0x80090353: The revocation status of the smartcard certificate used for authentication could not be determined. Please contact your system administrator.^[2]
• 0x80090354: The smartcard certificate used for authentication was not trusted. Please contact your system administrator.^[2]
• 0x80090355: The smartcard certificate used for authentication has expired. Please contact your system administrator.^[2]
• 0x80090356: The Kerberos subsystem encountered an error. A service for user protocol request was made against a domain controller which does not support service for user.^[2]
• 0x80090357: An attempt was made by this server to make a Kerberos constrained delegation request for a target outside of the server's realm. This is not supported, and indicates a misconfiguration on this server's allowed to delegate to list. Please contact your administrator.^[2]
• 0x80090358: The revocation status of the domain controller certificate used for smartcard authentication could not be determined. There is additional information in the system event log. Please contact your system administrator.^[2]
• 0x80090359: An untrusted certificate authority was detected while processing the domain controller certificate used for authentication. There is additional information in the system event log. Please contact your system administrator.^[2]
• 0x8009035A: The domain controller certificate used for smartcard logon has expired. Please contact your system administrator with the contents of your system event log.^[2]
• 0x8009035B: The domain controller certificate used for smartcard logon has been revoked. Please contact your system administrator with the contents of your system event log.^[2]
• 0x0009035C: A signature operation must be performed before the user can authenticate.^[2]
• 0x8009035D: One or more of the parameters passed to the function was invalid.^[2]
• 0x8009035E: Client policy does not allow credential delegation to target server.^[2]
• 0x8009035F: Client policy does not allow credential delegation to target server with NLTM only authentication.^[2]
• 0x00090360: The recipient rejected the renegotiation request.^[2]
• 0x80090361: The required security context does not exist.^[2]
• 0x80090362: The PKU2U protocol encountered an error while attempting to utilize the associated certificates.^[2]
• 0x80090363: The identity of the server computer could not be verified.^[2]
• 0x00090364: The returned buffer is only a fragment of the message. More fragments need to be returned.^[2]
• 0x80090365: Only https scheme is allowed.^[2]
• 0x00090366: The function completed successfully, but must be called again to complete the context. Early start can be used.^[2]
• 0x80090367: No common application protocol exists between the client and the server. Application protocol negotiation failed.^[2]
• 0x00090368: An asynchronous SSPI routine has been called and the work is pending completion.^[2]
• 0x80090369: You can't sign in with a user ID in this format. Try using your email address instead.^[2]
• 0x80091001: An error occurred while performing an operation on a cryptographic message.^[2]
• 0x80091002: Unknown cryptographic algorithm.^[2]
• 0x80091003: The object identifier is poorly formatted.^[2]
• 0x80091004: Invalid cryptographic message type.^[2]
• 0x80091005: Unexpected cryptographic message encoding.^[2]
• 0x80091006: The cryptographic message does not contain an expected authenticated attribute.^[2]
• 0x80091007: The hash value is not correct.^[2]
• 0x80091008: The index value is not valid.^[2]
• 0x80091009: The content of the cryptographic message has already been decrypted.^[2]
• 0x8009100A: The content of the cryptographic message has not been decrypted yet.^[2]
• 0x8009100B: The enveloped-data message does not contain the specified recipient.^[2]
• 0x8009100C: Invalid control type.^[2]
• 0x8009100D: Invalid issuer and/or serial number.^[2]
• 0x8009100E: Cannot find the original signer.^[2]
• 0x8009100F: The cryptographic message does not contain all of the requested attributes.^[2]
• 0x80091010: The streamed cryptographic message is not ready to return data.^[2]
• 0x80091011: The streamed cryptographic message requires more data to complete the decode operation.^[2]
• 0x00091012: The protected data needs to be re-protected.^[2]
• 0x80092001: The length specified for the output data was insufficient.^[2]
• 0x80092002: An error occurred during encode or decode operation.^[2]
• 0x80092003: An error occurred while reading or writing to a file.^[2]
• 0x80092004: Cannot find object or property.^[2]
• 0x80092005: The object or property already exists.^[2]
• 0x80092006: No provider was specified for the store or object.^[2]
• 0x80092007: The specified certificate is self signed.^[2]
• 0x80092008: The previous certificate or CRL context was deleted.^[2]
• 0x80092009: Cannot find the requested object.^[2]
• 0x8009200A: The certificate does not have a property that references a private key.^[2]
• 0x8009200B: Cannot find the certificate and private key for decryption.^[2]
• 0x8009200C: Cannot find the certificate and private key to use for decryption.^[2]
• 0x8009200D: Not a cryptographic message or the cryptographic message is not formatted correctly.^[2]
• 0x8009200E: The signed cryptographic message does not have a signer for the specified signer index.^[2]
• 0x8009200F: Final closure is pending until additional frees or closes.^[2]
• 0x80092010: The certificate is revoked.^[2]
• 0x80092011: No Dll or exported function was found to verify revocation.^[2]
• 0x80092012: The revocation function was unable to check revocation for the certificate.^[2]
• 0x80092013: The revocation function was unable to check revocation because the revocation server was offline.^[2]
• 0x80092014: The certificate is not in the revocation server's database.^[2]
• 0x80092020: The string contains a non-numeric character.^[2]
• 0x80092021: The string contains a non-printable character.^[2]
• 0x80092022: The string contains a character not in the 7 bit ASCII character set.^[2]
• 0x80092023: The string contains an invalid X500 name attribute key, oid, value or delimiter.^[2]
• 0x80092024: The dwValueType for the CERT_NAME_VALUE is not one of the character strings. Most likely it is either a CERT_RDN_ENCODED_BLOB or CERT_RDN_OCTET_STRING.^[2]
• 0x80092025: The Put operation cannot continue. The file needs to be resized. However, there is already a signature present. A complete signing operation must be done.^[2]
• 0x80092026: The cryptographic operation failed due to a local security option setting.^[2]
• 0x80092027: No DLL or exported function was found to verify subject usage.^[2]
• 0x80092028: The called function was unable to do a usage check on the subject.^[2]
• 0x80092029: Since the server was offline, the called function was unable to complete the usage check.^[2]
• 0x8009202A: The subject was not found in a Certificate Trust List (CTL).^[2]
• 0x8009202B: None of the signers of the cryptographic message or certificate trust list is trusted.^[2]
• 0x8009202C: The public key's algorithm parameters are missing.^[2]
• 0x8009202D: An object could not be located using the object locator infrastructure with the given name.^[2]
• 0x80093000: OSS Certificate encode/decode error code base See asn1code.h for a definition of the OSS runtime errors. The OSS error values are offset by CRYPT_E_OSS_ERROR.^[2]
• 0x80093001: OSS ASN.1 Error: Output Buffer is too small.^[2]
• 0x80093002: OSS ASN.1 Error: Signed integer is encoded as a unsigned integer.^[2]
• 0x80093003: OSS ASN.1 Error: Unknown ASN.1 data type.^[2]
• 0x80093004: OSS ASN.1 Error: Output buffer is too small, the decoded data has been truncated.^[2]
• 0x80093005: OSS ASN.1 Error: Invalid data.^[2]
• 0x80093006: OSS ASN.1 Error: Invalid argument.^[2]
• 0x80093007: OSS ASN.1 Error: Encode/Decode version mismatch.^[2]
• 0x80093008: OSS ASN.1 Error: Out of memory.^[2]
• 0x80093009: OSS ASN.1 Error: Encode/Decode Error.^[2]
• 0x8009300A: OSS ASN.1 Error: Internal Error.^[2]
• 0x8009300B: OSS ASN.1 Error: Invalid data.^[2]
• 0x8009300C: OSS ASN.1 Error: Invalid data.^[2]
• 0x8009300D: OSS ASN.1 Error: Unsupported BER indefinite-length encoding.^[2]
• 0x8009300E: OSS ASN.1 Error: Access violation.^[2]
• 0x8009300F: OSS ASN.1 Error: Invalid data.^[2]
• 0x80093010: OSS ASN.1 Error: Invalid data.^[2]
• 0x80093011: OSS ASN.1 Error: Invalid data.^[2]
• 0x80093012: OSS ASN.1 Error: Internal Error.^[2]
• 0x80093013: OSS ASN.1 Error: Multi-threading conflict.^[2]
• 0x80093014: OSS ASN.1 Error: Invalid data.^[2]
• 0x80093015: OSS ASN.1 Error: Invalid data.^[2]
• 0x80093016: OSS ASN.1 Error: Invalid data.^[2]
• 0x80093017: OSS ASN.1 Error: Encode/Decode function not implemented.^[2]
• 0x80093018: OSS ASN.1 Error: Trace file error.^[2]
• 0x80093019: OSS ASN.1 Error: Function not implemented.^[2]
• 0x8009301A: OSS ASN.1 Error: Program link error.^[2]
• 0x8009301B: OSS ASN.1 Error: Trace file error.^[2]
• 0x8009301C: OSS ASN.1 Error: Trace file error.^[2]
• 0x8009301D: OSS ASN.1 Error: Invalid data.^[2]
• 0x8009301E: OSS ASN.1 Error: Invalid data.^[2]
• 0x8009301F: OSS ASN.1 Error: Program link error.^[2]
• 0x80093020: OSS ASN.1 Error: Program link error.^[2]
• 0x80093021: OSS ASN.1 Error: Program link error.^[2]
• 0x80093022: OSS ASN.1 Error: Program link error.^[2]
• 0x80093023: OSS ASN.1 Error: Program link error.^[2]
• 0x80093024: OSS ASN.1 Error: Program link error.^[2]
• 0x80093025: OSS ASN.1 Error: Program link error.^[2]
• 0x80093026: OSS ASN.1 Error: Program link error.^[2]
• 0x80093027: OSS ASN.1 Error: Program link error.^[2]
• 0x80093028: OSS ASN.1 Error: Program link error.^[2]
• 0x80093029: OSS ASN.1 Error: Program link error.^[2]
• 0x8009302A: OSS ASN.1 Error: Program link error.^[2]
• 0x8009302B: OSS ASN.1 Error: Program link error.^[2]
• 0x8009302C: OSS ASN.1 Error: Program link error.^[2]
• 0x8009302D: OSS ASN.1 Error: System resource error.^[2]
• 0x8009302E: OSS ASN.1 Error: Trace file error.^[2]
• 0x80093100: ASN1 Certificate encode/decode error code base. The ASN1 error values are offset by CRYPT_E_ASN1_ERROR.^[2]
• 0x80093101: ASN1 internal encode or decode error.^[2]
• 0x80093102: ASN1 unexpected end of data.^[2]
• 0x80093103: ASN1 corrupted data.^[2]
• 0x80093104: ASN1 value too large.^[2]
• 0x80093105: ASN1 constraint violated.^[2]
• 0x80093106: ASN1 out of memory.^[2]
• 0x80093107: ASN1 buffer overflow.^[2]
• 0x80093108: ASN1 function not supported for this PDU.^[2]
• 0x80093109: ASN1 bad arguments to function call.^[2]
• 0x8009310A: ASN1 bad real value.^[2]
• 0x8009310B: ASN1 bad tag value met.^[2]
• 0x8009310C: ASN1 bad choice value.^[2]
• 0x8009310D: ASN1 bad encoding rule.^[2]
• 0x8009310E: ASN1 bad unicode (UTF8).^[2]
• 0x80093133: ASN1 bad PDU type.^[2]
• 0x80093134: ASN1 not yet implemented.^[2]
• 0x80093201: ASN1 skipped unknown extension(s).^[2]
• 0x80093202: ASN1 end of data expected^[2]
• 0x80094001: The request subject name is invalid or too long.^[2]
• 0x80094002: The request does not exist.^[2]
• 0x80094003: The request's current status does not allow this operation.^[2]
• 0x80094004: The requested property value is empty.^[2]
• 0x80094005: The certification authority's certificate contains invalid data.^[2]
• 0x80094006: Certificate service has been suspended for a database restore operation.^[2]
• 0x80094007: The certificate contains an encoded length that is potentially incompatible with older enrollment software.^[2]
• 0x80094008: The operation is denied. The user has multiple roles assigned and the certification authority is configured to enforce role separation.^[2]
• 0x80094009: The operation is denied. It can only be performed by a certificate manager that is allowed to manage certificates for the current requester.^[2]
• 0x8009400A: Cannot archive private key. The certification authority is not configured for key archival.^[2]
• 0x8009400B: Cannot archive private key. The certification authority could not verify one or more key recovery certificates.^[2]
• 0x8009400C: The request is incorrectly formatted. The encrypted private key must be in an unauthenticated attribute in an outermost signature.^[2]
• 0x8009400D: At least one security principal must have the permission to manage this CA.^[2]
• 0x8009400E: The request contains an invalid renewal certificate attribute.^[2]
• 0x8009400F: An attempt was made to open a Certification Authority database session, but there are already too many active sessions. The server may need to be configured to allow additional sessions.^[2]
• 0x80094010: A memory reference caused a data alignment fault.^[2]
• 0x80094011: The permissions on this certification authority do not allow the current user to enroll for certificates.^[2]
• 0x80094012: The permissions on the certificate template do not allow the current user to enroll for this type of certificate.^[2]
• 0x80094013: The contacted domain controller cannot support signed LDAP traffic. Update the domain controller or configure Certificate Services to use SSL for Active Directory access.^[2]
• 0x80094014: The request was denied by a certificate manager or CA administrator.^[2]
• 0x80094015: An enrollment policy server cannot be located.^[2]
• 0x80094016: A signature algorithm or public key length does not meet the system's minimum required strength.^[2]
• 0x80094017: Failed to create an attested key. This computer or the cryptographic provider may not meet the hardware requirements to support key attestation.^[2]
• 0x80094018: No encryption certificate was specified.^[2]
• 0x80094800: The requested certificate template is not supported by this CA.^[2]
• 0x80094801: The request contains no certificate template information.^[2]
• 0x80094802: The request contains conflicting template information.^[2]
• 0x80094803: The request is missing a required Subject Alternate name extension.^[2]
• 0x80094804: The request is missing a required private key for archival by the server.^[2]
• 0x80094805: The request is missing a required SMIME capabilities extension.^[2]
• 0x80094806: The request was made on behalf of a subject other than the caller. The certificate template must be configured to require at least one signature to authorize the request.^[2]
• 0x80094807: The request template version is newer than the supported template version.^[2]
• 0x80094808: The template is missing a required signature policy attribute.^[2]
• 0x80094809: The request is missing required signature policy information.^[2]
• 0x8009480A: The request is missing one or more required signatures.^[2]
• 0x8009480B: One or more signatures did not include the required application or issuance policies. The request is missing one or more required valid signatures.^[2]
• 0x8009480C: The request is missing one or more required signature issuance policies.^[2]
• 0x8009480D: The UPN is unavailable and cannot be added to the Subject Alternate name.^[2]
• 0x8009480E: The Active Directory GUID is unavailable and cannot be added to the Subject Alternate name.^[2]
• 0x8009480F: The DNS name is unavailable and cannot be added to the Subject Alternate name.^[2]
• 0x80094810: The request includes a private key for archival by the server, but key archival is not enabled for the specified certificate template.^[2]
• 0x80094811: The public key does not meet the minimum size required by the specified certificate template.^[2]
• 0x80094812: The EMail name is unavailable and cannot be added to the Subject or Subject Alternate name.^[2]
• 0x80094813: One or more certificate templates to be enabled on this certification authority could not be found.^[2]
• 0x80094814: The certificate template renewal period is longer than the certificate validity period. The template should be reconfigured or the CA certificate renewed.^[2]
• 0x80094815: The certificate template requires too many RA signatures. Only one RA signature is allowed.^[2]
• 0x80094816: The certificate template requires renewal with the same public key, but the request uses a different public key.^[2]
• 0x80094817: The certification authority cannot interpret or verify the endorsement key information supplied in the request, or the information is inconsistent.^[2]
• 0x80094818: The certification authority cannot validate the Attestation Identity Key Id Binding.^[2]
• 0x80094819: The certification authority cannot validate the private key attestation data.^[2]
• 0x8009481A: The request does not support private key attestation as defined in the certificate template.^[2]
• 0x8009481B: The request public key is not consistent with the private key attestation data.^[2]
• 0x8009481C: The private key attestation challenge cannot be validated because the encryption certificate has expired, or the certificate or key is unavailable.^[2]
• 0x8009481D: The attestation response could not be validated. It is either unexpected or incorrect.^[2]
• 0x8009481E: A valid Request ID was not detected in the request attributes, or an invalid one was submitted.^[2]
• 0x80095000: The key is not exportable.^[2]
• 0x80095001: You cannot add the root CA certificate into your local store.^[2]
• 0x80095002: The key archival hash attribute was not found in the response.^[2]
• 0x80095003: An unexpected key archival hash attribute was found in the response.^[2]
• 0x80095004: There is a key archival hash mismatch between the request and the response.^[2]
• 0x80095005: Signing certificate cannot include SMIME extension.^[2]
• 0x80096001: A system-level error occurred while verifying trust.^[2]
• 0x80096002: The certificate for the signer of the message is invalid or not found.^[2]
• 0x80096003: One of the counter signatures was invalid.^[2]
• 0x80096004: The signature of the certificate cannot be verified.^[2]
• 0x80096005: The timestamp signature and/or certificate could not be verified or is malformed.^[2]
• 0x80096010: The digital signature of the object did not verify.^[2]
• 0x80096011: The digital signature of the object is malformed. For technical detail, see security bulletin MS13-098.^[2]
• 0x80096019: A certificate's basic constraint extension has not been observed.^[2]
• 0x8009601E: The certificate does not meet or contain the Authenticode(tm) financial extensions.^[2]
• 0x80097001: Tried to reference a part of the file outside the proper range.^[2]
• 0x80097002: Could not retrieve an object from the file.^[2]
• 0x80097003: Could not find the head table in the file.^[2]
• 0x80097004: The magic number in the head table is incorrect.^[2]
• 0x80097005: The offset table has incorrect values.^[2]
• 0x80097006: Duplicate table tags or tags out of alphabetical order.^[2]
• 0x80097007: A table does not start on a long word boundary.^[2]
• 0x80097008: First table does not appear after header information.^[2]
• 0x80097009: Two or more tables overlap.^[2]
• 0x8009700A: Too many pad bytes between tables or pad bytes are not 0.^[2]
• 0x8009700B: File is too small to contain the last table.^[2]
• 0x8009700C: A table checksum is incorrect.^[2]
• 0x8009700D: The file checksum is incorrect.^[2]
• 0x80097010: The signature does not have the correct attributes for the policy.^[2]
• 0x80097011: The file did not pass the hints check.^[2]
• 0x80097012: The file is not an OpenType file.^[2]
• 0x80097013: Failed on a file operation (open, map, read, write).^[2]
• 0x80097014: A call to a CryptoAPI function failed.^[2]
• 0x80097015: There is a bad version number in the file.^[2]
• 0x80097016: The structure of the DSIG table is incorrect.^[2]
• 0x80097017: A check failed in a partially constant table.^[2]
• 0x80097018: Some kind of structural error.^[2]
• 0x80097019: The requested credential requires confirmation.^[2]

Sources

1. https://msdn.microsoft.com/en-us/library/cc231198.aspx
2. winerror.h from Windows SDK 10.0.14393.0