!!! Overview
Here are the [LDAP Result Codes] you might see along with [LDAP Result Code 49|LDAP_INVALID_CREDENTIALS], which would cause [Authentication Failures].

When you see an entry similar to:
{{{
"The exception is [LDAP: error code 49 - 80090308: LdapErr: DSID-0Cxxxxxx, comment: AcceptSecurityContext error, data <HEX>, vece ]."
}}}

The [hex] values will resolve to a [Microsoft Response Code] that may provide more information.

!! [Microsoft Active Directory] [LDAP] [Result Codes] sub-codes for [Bind Response]:
[LDAP Result Code 49|LDAP_INVALID_CREDENTIALS] sub-codes [1] for [Authentication Failures]:

%%zebra-table
%%sortable
%%table-filter
||[Code|LDAP Result Codes]||[hex]||[DEC]||Short Description||More Information||Comments
|[49|LDAP_INVALID_CREDENTIALS]|525|1317|[LDAP_NO_SUCH_OBJECT]|[Entry does not exist|LDAP_NO_SUCH_OBJECT].| 
|[49|LDAP_INVALID_CREDENTIALS]|52e|1326|[ERROR_LOGON_FAILURE]|Returns when [username] is valid but [password]/[credential] is invalid.|Will prevent most other errors from being displayed as noted.
|[49|LDAP_INVALID_CREDENTIALS]|52f|1327|[ERROR_ACCOUNT_RESTRICTION]|[Account Restrictions] are preventing this user from signing in.|For example: blank passwords aren't allowed, sign-in times are limited, or a policy restriction has been enforced.
|[49|LDAP_INVALID_CREDENTIALS]|530|1328|[ERROR_INVALID_LOGON_HOURS]|[Time Restriction]: Entry logon time restriction violation.| 
|[49|LDAP_INVALID_CREDENTIALS]|531|1329|[ERROR_INVALID_WORKSTATION]|[Device Restriction]: Entry not allowed to log on to this computer.| 
|[49|LDAP_INVALID_CREDENTIALS]|532|1330|[ERROR_PASSWORD_EXPIRED]|[Password Expiration]: Entry password has expired. LDAP [User-Account-Control Attribute] - [ERROR_PASSWORD_EXPIRED]|__NOTE__: Returns only when presented with valid username and [password]/[credential].
|[49|LDAP_INVALID_CREDENTIALS]|533|1331|[ERROR_ACCOUNT_DISABLED|ACCOUNTDISABLE]|[Administratively Disabled]: LDAP [User-Account-Control Attribute] - [ACCOUNTDISABLE]|__NOTE__: Returns only when presented with valid [username] and [password]/[credential].
|[49|LDAP_INVALID_CREDENTIALS]|568|1384|[ERROR_TOO_MANY_CONTEXT_IDS]|During a logon attempt, the user's security context accumulated too many [security Identifiers] (i.e. [Group-AD]).| 
|[49|LDAP_INVALID_CREDENTIALS]|701|1793|[ERROR_ACCOUNT_EXPIRED]|LDAP [Password Expiration]: [User-Account-Control Attribute] - [ACCOUNTEXPIRED|ERROR_ACCOUNT_EXPIRED]|__NOTE__: Returns only when presented with __valid__ username and password/credential.
|[49|LDAP_INVALID_CREDENTIALS]|773|1907|[ERROR_PASSWORD_MUST_CHANGE]|[Password Expiration]: Entry's password must be changed before logging on. LDAP [pwdLastSet]: value of 0 indicates admin-required password change - [MUST_CHANGE_PASSWD|ERROR_PASSWORD_MUST_CHANGE]|__NOTE__: Returns only when presented with valid username and password/credential.
|[49|LDAP_INVALID_CREDENTIALS]|775|1909|[ERROR_ACCOUNT_LOCKED_OUT]|[Intruder Detection]: Entry is currently locked out and may not be logged on to. LDAP [User-Account-Control Attribute] - [LOCKOUT]|__NOTE__: Returns even if invalid password is presented.
|[49|LDAP_INVALID_CREDENTIALS]|80090346|..|[ERROR_ACCOUNT_LOCKED_OUT]|AcceptSecurityContext error|SEC_E_BAD_BINDINGS - Client's supplied [Security Support Provider Interface] ([SSPI]) [Channel Bindings] were incorrect.
/%
/%
/%

[{$pagename}] will often be shown within the [Windows Event Log] as [Event 4625].

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]

----
[#1] Derived from various sources including [http://msdn.microsoft.com/en-us/library/windows/desktop/ms681386(v=vs.85).aspx] 2012-10-17
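
The sub-code table above applied to log triage, as an added example that is not part of the original page: it decodes the data <HEX> field of a result-code-49 message and singles out the failures the table notes are returned only for a valid username and password. The triage class names, TEMPLATE and the sample events are constructed for this example.

```python
import re
from collections import Counter

# hex sub-code -> (name from the table above, triage class chosen for this example)
SUBCODES = {
    0x525: ("LDAP_NO_SUCH_OBJECT", "unknown-entry"),
    0x52E: ("ERROR_LOGON_FAILURE", "bad-password"),
    0x52F: ("ERROR_ACCOUNT_RESTRICTION", "other"),
    0x530: ("ERROR_INVALID_LOGON_HOURS", "other"),
    0x531: ("ERROR_INVALID_WORKSTATION", "other"),
    0x532: ("ERROR_PASSWORD_EXPIRED", "valid-credentials"),
    0x533: ("ERROR_ACCOUNT_DISABLED", "valid-credentials"),
    0x568: ("ERROR_TOO_MANY_CONTEXT_IDS", "other"),
    0x701: ("ERROR_ACCOUNT_EXPIRED", "valid-credentials"),
    0x773: ("ERROR_PASSWORD_MUST_CHANGE", "valid-credentials"),
    0x775: ("ERROR_ACCOUNT_LOCKED_OUT", "locked-out"),
    0x80090346: ("SEC_E_BAD_BINDINGS", "other"),
}
BIND_ERROR = re.compile(r"error code 49 - [0-9A-Fa-f]+: LdapErr: DSID-\w+, "
                        r"comment: [^,]*, data ([0-9A-Fa-f]+)")

def parse_bind_error(message):
    """Decode the 'data <HEX>' sub-code of a result-code-49 message, or return None."""
    m = BIND_ERROR.search(message)
    if m is None:
        return None
    code = int(m.group(1), 16)
    name, triage_class = SUBCODES.get(code, ("UNKNOWN", "other"))
    return {"hex": format(code, "x"), "dec": code, "name": name, "class": triage_class}

def triage(events):
    """events: (username, message) pairs -> (class counts, users whose password was right)."""
    counts, exposed = Counter(), set()
    for user, message in events:
        parsed = parse_bind_error(message)
        if parsed is None:
            continue  # not an AD bind failure
        counts[parsed["class"]] += 1
        if parsed["class"] == "valid-credentials":
            exposed.add(user)
    return counts, sorted(exposed)

# Constructed sample events (not real log data); the DSID value is a placeholder.
TEMPLATE = ("[LDAP: error code 49 - 80090308: LdapErr: DSID-0C000000, "
            "comment: AcceptSecurityContext error, data {}, vece ]")
SAMPLE = [(u, TEMPLATE.format(c)) for u, c in
          [("alice", "52e"), ("bob", "533"), ("carol", "775"), ("ghost", "525"), ("dave", "773")]]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A failed bind in the valid-credentials class means whoever made the attempt presented the correct password, so those accounts are worth reviewing even though the logon did not succeed.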