2.2 Message Syntax

For domain support, authentication protocols MUST use an NRPC pass-through authentication ([MS-NRPC] section 3.2) method with parameters determined by the authentication protocol being used.

Interactive and network logon information, passed through the LogonInformation parameter, is used when calling the NetrLogonSamLogonEx method ([MS-NRPC] section 3.5.4.5.1). Domain controller Kerberos PAC validation and digest messages MUST be encoded as opaque blobs and transported by the generic pass-through capability of Netlogon ([MS-NRPC] section 3.2.4.1).

All message fields, including bit flags, are in the following sections in little-endian format. These data structures MUST be built as if they are on a little-endian machine before transmission. On reception, the messages MUST be interpreted as little-endian and transformed into the native endianness of the implementation.

The following table shows a few of the main status codes returned by these protocols. For a complete list of status codes, see [MS-ERREF]

Symbolic name

Value

Meaning

STATUS_SUCCESS

0x00000000

Requested operation succeeded.

STATUS_LOGON_FAILURE

0xC000006D

Authentication failed.

STATUS_NO_SUCH_USER

0xC0000064

Specified account does not exist.

STATUS_NO_LOGON_SERVERS

0xC000005E

None of the domain controllers are reachable to service the request.