Search Results

Agent error code #ENTRA000 indicates that the agent could not reach Microsoft Graph at https://graph.microsoft.com. The request failed before any authentication or Named Location operation could take place. This error is distinct from authentication failures (...

Agent error code #ENTRA001 indicates that the Microsoft identity platform rejected the credentials provided by the agent during the client-credentials token request. The login endpoint returned an invalid_client or equivalent error. This error is distinct from...

Agent error code #ENTRA002 indicates that the agent authenticated to Entra ID successfully but Microsoft Graph rejected the Named Location request with HTTP 403 Forbidden. The app registration is missing the application permission required to read and write Co...

Agent error code #ENTRA003 indicates that the agent's TLS handshake with login.microsoftonline.com or graph.microsoft.com failed. The certificate presented by the endpoint could not be verified against the system trust store. This error is distinct from connec...

Agent error code #ENTRA004 indicates that a request to login.microsoftonline.com or graph.microsoft.com did not complete within the agent's HTTP timeout (25 seconds). This error is distinct from connection failures (#ENTRA000), which mean the connection never ...

Agent error code #ENTRA005 indicates that Microsoft Graph rejected the request with HTTP 429 Too Many Requests. The agent has hit the per-tenant or per-app rate limit on the Conditional Access API. Microsoft Graph publishes its throttling thresholds at Microso...

Agent error code #ENTRA050 indicates that the agent could not retrieve the configured Named Location from Microsoft Graph. The request reached Graph and authenticated successfully, but Graph returned an unexpected status (other than the 404 case covered by #EN...

Agent error code #ENTRA051 indicates that the agent retrieved the Named Location successfully but the PATCH to update its ipRanges was rejected by Microsoft Graph. This is distinct from authentication failures (#ENTRA001) and authorization failures (#ENTRA002)...

Agent error code #ENTRA052 indicates that Microsoft Graph returned HTTP 404 for the configured Named Location ID. The Knocknoc backend points at a Named Location that no longer exists in the tenant. Common causes include: The Named Location was deleted in the...

Agent error code #ENTRA053 indicates that the configured Named Location exists, but its @odata.type is not #microsoft.graph.ipNamedLocation. Knocknoc only manages IP-based Named Locations. Country-based and unknown-region Named Locations are not supported. Com...

Agent error code #ENTRA054 indicates that Microsoft Graph returned a 2xx status, but the response body did not match the expected schema. The agent could not decode the Named Location response or the OAuth token response. This error is rare. It usually points ...

Knocknoc controls access on Check Point gateways in one of two ways. In Active mode the Knocknoc agent pushes each authenticated user's IP to the gateway over the API, assigning a pre-existing Access Role; firewall rules that match that role then allow the tra...

Agent error code #CHKP000 indicates that the Knocknoc agent could not open a network connection to the Check Point gateway's Identity Awareness Web API. The connection failed before any TLS handshake or authentication took place. This is a network-level failur...

Agent error code #CHKP001 indicates that the Knocknoc agent reached the network path to the Check Point gateway but the gateway did not respond within the request time budget. This differs from #CHKP000, where the connection could not be opened at all. With #C...

Agent error code #CHKP002 indicates that the Knocknoc agent opened a connection to the Check Point gateway but could not establish a trusted TLS session. The gateway's certificate was not accepted by the agent host. Common causes include: The gateway presents...

Agent error code #CHKP003 indicates that the Check Point gateway rejected the shared secret the Knocknoc agent presented to the Identity Awareness Web API. The gateway returned an explicit "wrong password" response. This is distinct from #CHKP004, where the se...

Agent error code #CHKP004 indicates that the Check Point gateway recognised the shared secret but refused the request because the agent connected from an IP address the Identity Web API client does not accept. The Identity Web API enforces a source-IP allow-li...