Overview#Here are the error codes you might see along with error 49, and their definitions.
Technically these are LDAP Result Codes as "0" implies success when performing a bind. However, we typically do not worry about the success results only the errors.
When you see an entry similar to:
"The exception is [LDAP: error code 49 - 80090308: LdapErr: DSID-0Cxxxxxx, comment: AcceptSecurityContext error, data <HEX>, vece ]."
The HEX values will resolve to a Microsoft Response Code that may provide more information.
AD LDAP Result Code 49 sub-codes  for Authentication Failures:#
|LDAP Code||HEX||DEC||Short Description||More Information||Comments|
|49||525||1317||LDAP_NO_SUCH_OBJECT||Entry does not exist.|
|49||52e||1326||ERROR_LOGON_FAILURE||Returns when username is valid but password/credential is invalid.||Will prevent most other errors from being displayed as noted.|
|49||52f||1327||ERROR_ACCOUNT_RESTRICTION||Account Restrictions are preventing this user from signing in.||For example: blank passwords aren't allowed, sign-in times are limited, or a policy restriction has been enforced.|
|49||530||1328||ERROR_INVALID_LOGON_HOURS||Time Restriction:Entry logon time restriction violation|
|49||531||1329||ERROR_INVALID_WORKSTATION||Device Restriction:Entry not allowed to log on to this computer.|
|49||532||1330||ERROR_PASSWORD_EXPIRED||Password Expiration: Entry password has expired LDAP User-Account-Control Attribute - ERROR_PASSWORD_EXPIRED||NOTE: Returns only when presented with valid username and password/credential.|
|49||533||1331||ERROR_ACCOUNT_DISABLED||Administratively Disabled: LDAP User-Account-Control Attribute - ACCOUNTDISABLE||NOTE: Returns only when presented with valid username and password/credential.|
|49||568||1384||ERROR_TOO_MANY_CONTEXT_IDS||During a logon attempt, the user's security context accumulated too many security Identifiers. (ie Group-AD)|
|49||701||1793||ERROR_ACCOUNT_EXPIRED||LDAP Password Expiration: User-Account-Control Attribute - ACCOUNTEXPIRED||NOTE: Returns only when presented with valid username and password/credential.|
|49||773||1907||ERROR_PASSWORD_MUST_CHANGE||Password Expiration: Entry's password must be changed before logging on LDAP pwdLastSet: value of 0 indicates admin-required password change - MUST_CHANGE_PASSWD||NOTE: Returns only when presented with valid username and password/credential.|
|49||775||1909||ERROR_ACCOUNT_LOCKED_OUT||Intruder Detection:Entry is currently locked out and may not be logged on to LDAP User-Account-Control Attribute - LOCKOUT||NOTE: Returns even if invalid password is presented|
More Information#There might be more information for this subject on one of the following:
- LDAP Result Codes
- LDAP and Active Directory
- Microsoft Active Directory
- User-Account-Control Attribute
[#1] Derived from various sources including http://msdn.microsoft.com/en-us/library/windows/desktop/ms681386(v=vs.85).aspx 2012-10-17