| 0 |
No error – successful logon |
| 1 |
Incorrect logon data (client / user name / password) |
| 2 |
User account is locked |
| 3 |
Incorrect logon data; for SAPGUI: connection closed |
| 4 |
(Successful) Logon using emergency user SAP* (see SAP Note 2383) |
| 5 |
Error when constructing the user buffer (==> possible follow-on error) |
| 6 |
User exists only in the central user administration (CUA) |
| 7 |
Invalid user type |
| 8 |
User account outside validity period |
| 9 |
SNC name and specified user/client do not match |
| 10 |
Logon requires SNC (Secure Network Communication) |
| 11 |
No ABAP user with this SNC name exists in the system |
| 12 |
ACL entry for SNC-secured server-server link is missing |
| 13 |
No suitable SAP account found for the SNC name |
| 14 |
Ambiguous assignment of SNC names to ABAP users |
| 15 |
Unencrypted SAP GUI connection refused |
| 16 |
Unencrypted RFC connection refused |
| 20 |
Logon using logon/assertion ticket is generally deactivated |
| 21 |
Syntax error in received logon/assertion ticket or reentrance ticket not valid |
| 22 |
Digital signature check for logon/assertion ticket fails |
| 23 |
Logon ticket/assertion issuer is not in the ACL table |
| 24 |
Logon/assertion ticket is no longer valid |
| 25 |
Assertion ticket receiver is not the addressed recipient |
| 26 |
Logon/assertion ticket contains no/an empty ABAP user ID |
| 27 |
Reauthorization check: ticket does not match current user |
| 28 |
Ticket logon denied by security policy |
| 30 |
Logon using X.509 certificate is generally deactivated |
| 31 |
Syntax error in the received X.509 certificate |
| 32 |
X.509 certificate does not originate from the Internet Transaction Server |
| 34 |
No suitable ABAP user found for the X.509 certificate |
| 35 |
Ambiguous assignment of X.509 certificate to ABAP users |
| 36 |
36 Certificate is older than the date entered as “min. date” (USREXTID) |
| 41 |
No suitable ABAP user found for the external ID |
| 42 |
Ambiguous assignment of external ID to ABAP users |
| 50 |
Password logon was generally deactivated or denied by security policy |
| 51 |
Initial password has not been used for too long |
| 52 |
User does not have a password |
| 53 |
Password lock active (too many failed logons) |
| 54 |
Productive password has not been used for too long |
| 60 |
SPNego logon denied by security policy |
| 61 |
Invalid SPNego token (syntax) |
| 62 |
NTLM token received instead of SPNego token |
| 63 |
Missing/incorrect Kerberos keytab entry |
| 64 |
Invalid SPNego token (time) |
| 65 |
SPNego replay attack detected |
| 66 |
SPNego: Error when creating the SNC name |
| 67 |
SPNego: No suitable SAP account found for the SNC name |
| 68 |
SPNego: Ambiguous assignment of SNC names to ABAP users |
| 69 |
Reauthentication check: SPNego token does not match current user |
| 100 |
Client does not exist |
| 101 |
Client is currently locked for logons |
| 102 |
External WebSocket RFC communication is not allowed (RFC runtime) |
| 103 |
External WebSocket RFC communication requires alias user (RFC runtime) |
| 104 |
System is in maintenance mode and locked against logons |
| 110 |
Tenant was stopped (runlevel STOPPED) |
| 111 |
Tenant cannot be used generally (runlevel ADMIN) |
| 112 |
No authorization to log on to the current logon category |
| 120 |
Server does not allow logon |
| 121 |
No special rights for logon on this server |
| 300-399 |
OpenID connect (OIDC) error; see SAP Note 3111813 |
| 1001 |
Password is initial/has expired – interactive change required (RFC/ICF) |
| 1002 |
Trusted system logon failed (no S_RFCACL authorization) |
| 3000 |
Reauthorization check: SAML bearer assertion is not compatible with current user |
| 3001 |
Internal SAML bearer assertion verification error |
| 3002 |
SAML bearer assertion could not be parsed |
| 3003 |
SAML bearer assertion was already used (replay) |
| 3004 |
SAML bearer assertion could not be assigned to a user |
| 3005 |
Issuer of SAML bearer assertion is not trusted |
| 3006 |
NameID format of SAML bearer assertion is not supported |
| 3007 |
Signature of SAML bearer assertion is not valid |
| 3008 |
SAML bearer assertion is not valid or is no longer valid |
| 3009 |
SAML is not activated or SAML bearer assertion provider is not activated |
