Windows Security Log Event ID 6273

Operating Systems	Windows 2008 R2 and 7 Windows 2012 R2 and 8.1 Windows 2016 and 10 Windows Server 2019 and 2022
Category • Subcategory	Logon/Logoff • Network Policy Server
Type	Success
Corresponding events in Windows 2003 and before

6273: Network Policy Server denied access to a user

On this page

Description of this event
Field level details
Examples
Mini-seminars on this event

I haven't been able to produce this event. Have you? If so, please start a discussion (see above) and post a sample along with any comments you may have! Don't forget to sanitize any private information.

Server 2016 and later has the following modifications to the event fields:

OS-Vesion removed

Free Security Log Resources by Randy

Description Fields in 6273

User:

Security ID
Account Name
Account Domain
Fully Qualified Account Name

Client Machine:

Security ID
Account Name
Fully Qualified Account Name
OS-Version (Removed in 2016)
Called Station Identifier
Calling Station Identifier

NAS:

NAS IPv4 Address
NAS IPv6 Address
NAS Identifier
NAS Port-Type
NAS Port

RADIUS Client:

Client Friendly Name
Client IP Address

Authentication Details:

Connection Request Policy Name
Network Policy Name
Authentication Provider
Authentication Server
Authentication Type
EAP Type
Account Session Identifier
Logging Results
Reason Code
Reason

Supercharger Free Edition

Centrally manage WEC subscriptions.

Free.

Examples of 6273

2016 and later

Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:

   Security ID:   %1
   Account Name:   %2
   Account Domain:   %3
   Fully Qualified Account Name: %4

Client Machine:

   Security ID:   %5
   Account Name:   %6
   Fully Qualified Account Name: %7
   Called Station Identifier: %8
   Calling Station Identifier: %9

NAS:

   NAS IPv4 Address: %10
   NAS IPv6 Address: %11
   NAS Identifier:   %12
   NAS Port-Type:   %13
   NAS Port:   %14

RADIUS Client:

Client Friendly Name: %15
Client IP Address: %16

Authentication Details:

Connection Request Policy Name: %17
Network Policy Name: %18
   Authentication Provider: %19
   Authentication Server: %20
   Authentication Type: %21
   EAP Type:   %22
   Account Session Identifier: %23
Logging Results: %26
   Reason Code:   %24
   Reason:    %25

2012r2

Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:

   Security ID:   %1
   Account Name:   %2
   Account Domain:   %3
   Fully Qualified Account Name: %4

Client Machine:

   Security ID:   %5
   Account Name:   %6
   Fully Qualified Account Name: %7
   OS-Version:   %8
   Called Station Identifier: %9
   Calling Station Identifier: %10

NAS:

   NAS IPv4 Address: %11
   NAS IPv6 Address: %12
   NAS Identifier:   %13
   NAS Port-Type:   %14
   NAS Port:   %15

RADIUS Client:

Client Friendly Name: %16
Client IP Address: %17

Authentication Details:

Connection Request Policy Name: %18
   Network Policy Name: %19
   Authentication Provider: %20
   Authentication Server: %21
   Authentication Type: %22
   EAP Type:   %23
   Account Session Identifier: %24
Logging Results: %27
   Reason Code:   %25
   Reason:    %26

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection

Upcoming Webinars

Additional Resources

Encyclopedia

•	Event IDs
•	All Event IDs
•	Audit Policy

Go To Event ID:

Security Log
Quick Reference
Chart
Download now!

User name:
Password:
	/ Forgot?
	Register

April 2024 Patch Tuesday	"Patch Tuesday - One Zero Day and Record Number of Patches! " - sponsored by LOGbinder

Home

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.