BACnet Error Code Decoder BACnet
Turn the numbers a device sends back when it refuses a request into what actually went wrong — error class and code, reject reason, or abort reason.
The inputs are seeded with an example — edit them to your numbers.
Input
An Error is a class + code pair — the service ran and the device refused it.
Output
The full reference
Every error class, error code, reject reason, and abort reason, filterable across all four at once. Click a value to copy it.
| Code | Name | What it means |
|---|---|---|
| 0 | other | Catch-all the device returns when no specific code fits; the real cause is vendor-defined, so check the device's own log or manual. |
| 1 | authentication-failed | — |
| 2 | configuration-in-progress | Device is mid-download or commissioning and can't service the request; retry once the config or program load finishes. |
| 3 | device-busy | Device is temporarily overloaded, often mid-backup, restore, or program load; back off and retry in a few seconds. |
| 4 | dynamic-creation-not-supported | — |
| 5 | file-access-denied | File-object read or write refused; usually a permissions issue or the file is locked open by a backup or restore. |
| 6 | incompatible-security-levels | — |
| 7 | inconsistent-parameters | Service arguments conflict with each other, like a mismatched array size or bad option combo; fix the request the tool built. |
| 8 | inconsistent-selection-criterion | — |
| 9 | invalid-data-type | Written value's datatype doesn't match the property, such as a real into an enum or integer; correct the datatype in the write. |
| 10 | invalid-file-access-method | — |
| 11 | invalid-file-start-position | — |
| 12 | invalid-operator-name | — |
| 13 | invalid-parameter-data-type | — |
| 14 | invalid-time-stamp | — |
| 15 | key-generation-error | — |
| 16 | missing-required-parameter | The request PDU left out a mandatory field; a malformed client request, so check the tool or driver encoding. |
| 17 | no-objects-of-specified-type | — |
| 18 | no-space-for-object | Device's object database is full, so CreateObject fails; delete unused objects or you've hit the device's object limit. |
| 19 | no-space-to-add-list-element | — |
| 20 | no-space-to-write-property | Property storage is full, often when adding to a list like a schedule or group; free space or trim existing entries. |
| 21 | no-vt-sessions-available | — |
| 22 | property-is-not-a-list | AddListElement or RemoveListElement was used on a property that isn't a list; wrong service for that property. |
| 23 | object-deletion-not-permitted | Object can't be deleted because it's built-in, like the Device object or a fixed I/O point; only dynamic objects delete. |
| 24 | object-identifier-already-exists | CreateObject asked for an instance number already in use; pick an unused instance for that object type. |
| 25 | operational-problem | Device has an internal fault blocking the operation; check its health and alarms, and it may need a reboot. |
| 26 | password-failure | — |
| 27 | read-access-denied | The property exists but reading it is blocked; you lack the rights or security level to read that property. |
| 28 | security-not-supported | — |
| 29 | service-request-denied | The target device refused the service on its own policy, state, or security grounds; the request was well-formed, so check that device, not the network. |
| 30 | timeout | No reply within the APDU timeout; a comms problem like wrong MAC or network number, a dead device, or MS/TP token loss. |
| 31 | unknown-object | The referenced object doesn't exist on the device; wrong object type or instance, or it was deleted — a rename won't do it, references are by id. |
| 32 | unknown-property | The object doesn't support that property id; wrong property or a proprietary one this device doesn't implement. |
| 34 | unknown-vt-class | — |
| 35 | unknown-vt-session | — |
| 36 | unsupported-object-type | CreateObject asked for an object type the device doesn't implement; check the PICS for supported types. |
| 37 | value-out-of-range | Written value is outside the property's allowed range, like a bad priority, COV increment, or setpoint; clamp it to range. |
| 38 | vt-session-already-closed | — |
| 39 | vt-session-termination-failure | — |
| 40 | write-access-denied | Property is read-only or not writable now, such as an input's Present_Value or a command-priority conflict. |
| 41 | character-set-not-supported | — |
| 42 | invalid-array-index | Array index is past the property's size, or index 0 misused; read the array length before indexing into it. |
| 43 | cov-subscription-failed | Device couldn't set up the COV subscription, usually its subscription table is full; free a slot or fall back to polling. |
| 44 | not-cov-property | Subscribed change-of-value on a property that doesn't support it; only ones like Present_Value or Status_Flags qualify. |
| 45 | optional-functionality-not-supported | Device doesn't implement that optional service or feature; check its BIBBs or PICS before relying on it. |
| 46 | invalid-configuration-data | — |
| 47 | datatype-not-supported | The datatype used isn't one the device accepts for that property or operation; re-encode with a supported type. |
| 48 | duplicate-name | The Object_Name is already taken on this device; names must be unique per device, so choose another. |
| 49 | duplicate-object-id | The object-identifier collides with an existing object; that instance is already assigned on the device. |
| 50 | property-is-not-an-array | An array index was used on a scalar property; drop the index and read or write the value whole. |
| 51 | abort-buffer-overflow | — |
| 52 | abort-invalid-apdu-in-this-state | — |
| 53 | abort-preempted-by-higher-priority-task | — |
| 54 | abort-segmentation-not-supported | — |
| 56 | abort-other | — |
| 57 | invalid-tag | — |
| 58 | network-down | — |
| 59 | reject-buffer-overflow | — |
| 60 | reject-inconsistent-parameters | — |
| 61 | reject-invalid-parameter-data-type | — |
| 62 | reject-invalid-tag | — |
| 63 | reject-missing-required-parameter | — |
| 64 | reject-parameter-out-of-range | — |
| 65 | reject-too-many-arguments | — |
| 66 | reject-undefined-enumeration | — |
| 67 | reject-unrecognized-service | — |
| 69 | reject-other | — |
| 70 | unknown-device | A responding gateway or proxy doesn't recognize the referenced device instance; a true dead route instead shows up as a network Reject or a timeout, not this. |
| 71 | unknown-route | — |
| 72 | value-not-initialized | Property holds no value yet, typically an empty priority-array slot or a point that was never written. |
| 73 | invalid-event-state | — |
| 74 | no-alarm-configured | — |
| 75 | log-buffer-full | — |
| 76 | logged-value-purged | — |
| 77 | no-property-specified | — |
| 78 | not-configured-for-triggered-logging | — |
| 79 | unknown-subscription | Referenced a COV subscription that no longer exists; it expired or was never created, so resubscribe. |
| 80 | parameter-out-of-range | — |
| 81 | list-element-not-found | — |
| 82 | busy | Device can't service the request at the moment; wait briefly and retry. |
| 83 | communication-disabled | DeviceCommunicationControl has silenced the device's traffic; send a DCC enable or wait out its timer to restore comms. |
| 84 | success | No error; the positive result code confirming the operation completed. |
| 85 | access-denied | Request refused on authorization grounds; you lack the rights, common with BACnet/SC or key-based security. |
| 86 | bad-destination-address | — |
| 87 | bad-destination-device-id | — |
| 88 | bad-signature | — |
| 89 | bad-source-address | — |
| 90 | bad-timestamp | — |
| 91 | cannot-use-key | — |
| 92 | cannot-verify-message-id | — |
| 93 | correct-key-revision | — |
| 94 | destination-device-id-required | — |
| 95 | duplicate-message | — |
| 96 | encryption-not-configured | — |
| 97 | encryption-required | — |
| 98 | incorrect-key | — |
| 99 | invalid-key-data | — |
| 100 | key-update-in-progress | — |
| 101 | malformed-message | — |
| 102 | not-key-server | — |
| 103 | security-not-configured | — |
| 104 | source-security-required | — |
| 105 | too-many-keys | — |
| 106 | unknown-authentication-type | — |
| 107 | unknown-key | — |
| 108 | unknown-key-revision | — |
| 109 | unknown-source-message | — |
| 110 | not-router-to-dnet | — |
| 111 | router-busy | — |
| 112 | unknown-network-message | — |
| 113 | message-too-long | — |
| 114 | security-error | — |
| 115 | addressing-error | — |
| 116 | write-bdt-failed | — |
| 117 | read-bdt-failed | — |
| 118 | register-foreign-device-failed | — |
| 119 | read-fdt-failed | — |
| 120 | delete-fdt-entry-failed | — |
| 121 | distribute-broadcast-failed | — |
| 122 | unknown-file-size | — |
| 123 | abort-apdu-too-long | — |
| 124 | abort-application-exceeded-reply-time | — |
| 125 | abort-out-of-resources | — |
| 126 | abort-tsm-timeout | — |
| 127 | abort-window-size-out-of-range | — |
| 128 | file-full | — |
| 129 | inconsistent-configuration | — |
| 130 | inconsistent-object-type | — |
| 131 | internal-error | — |
| 132 | not-configured | — |
| 133 | out-of-memory | — |
| 134 | value-too-long | — |
| 135 | abort-insufficient-security | — |
| 136 | abort-security-error | — |
| 137 | duplicate-entry | — |
| 138 | invalid-value-in-this-state | — |
| 139 | invalid-operation-in-this-state | — |
| 140 | list-item-not-numbered | — |
| 141 | list-item-not-timestamped | — |
| 142 | invalid-data-encoding | — |
| 143 | bvlc-function-unknown | — |
| 145 | header-encoding-error | — |
| 146 | header-not-understood | — |
| 147 | message-incomplete | — |
| 148 | not-a-bacnet-sc-hub | — |
| 149 | payload-expected | — |
| 150 | unexpected-data | — |
| 151 | node-duplicate-vmac | — |
| 152 | http-unexpected-response-code | — |
| 153 | http-no-upgrade | — |
| 154 | http-resource-not-local | — |
| 155 | http-proxy-authentication-failed | — |
| 156 | http-response-timeout | — |
| 157 | http-response-syntax-error | — |
| 158 | http-response-value-error | — |
| 159 | http-response-missing-header | — |
| 160 | http-websocket-header-error | — |
| 161 | http-upgrade-required | — |
| 162 | http-upgrade-error | — |
| 163 | http-temporary-unavailable | — |
| 164 | http-not-a-server | — |
| 165 | http-error | — |
| 166 | websocket-scheme-not-supported | — |
| 167 | websocket-unknown-control-message | — |
| 168 | websocket-close-error | — |
| 169 | websocket-closed-by-peer | — |
| 170 | websocket-endpoint-leaves | — |
| 171 | websocket-protocol-error | — |
| 172 | websocket-data-not-accepted | — |
| 173 | websocket-closed-abnormally | — |
| 174 | websocket-data-inconsistent | — |
| 175 | websocket-data-against-policy | — |
| 176 | websocket-frame-too-long | — |
| 177 | websocket-extension-missing | — |
| 178 | websocket-request-unavailable | — |
| 179 | websocket-error | — |
| 180 | tls-client-certificate-error | — |
| 181 | tls-server-certificate-error | — |
| 182 | tls-client-authentication-failed | — |
| 183 | tls-server-authentication-failed | — |
| 184 | tls-client-certificate-expired | — |
| 185 | tls-server-certificate-expired | — |
| 186 | tls-client-certificate-revoked | — |
| 187 | tls-server-certificate-revoked | — |
| 188 | tls-error | — |
| 189 | dns-unavailable | — |
| 190 | dns-name-resolution-failed | — |
| 191 | dns-resolver-failure | — |
| 192 | dns-error | — |
| 193 | tcp-connect-timeout | — |
| 194 | tcp-connection-refused | — |
| 195 | tcp-closed-by-local | — |
| 196 | tcp-closed-other | — |
| 197 | tcp-error | — |
| 198 | ip-address-not-reachable | — |
| 199 | ip-error | — |
| 200 | certificate-expired | — |
| 201 | certificate-invalid | — |
| 202 | certificate-malformed | — |
| 203 | certificate-revoked | — |
| 204 | unknown-security-key | — |
| 205 | referenced-port-in-error | — |
| 206 | not-enabled | — |
| 207 | adjust-scope-required | — |
| 208 | auth-scope-required | — |
| 209 | bind-scope-required | — |
| 210 | config-scope-required | — |
| 211 | control-scope-required | — |
| 212 | extended-scope-required | — |
| 213 | incorrect-client | — |
| 214 | install-scope-required | — |
| 215 | insufficient-scope | — |
| 217 | no-policy | — |
| 218 | revoked-token | — |
| 219 | override-scope-required | — |
| 220 | inactive-token | — |
| 221 | unknown-audience | — |
| 222 | unknown-client | — |
| 223 | unknown-scope | — |
| 224 | view-scope-required | — |
| 225 | incorrect-audience | — |
| 226 | incorrect-client-origin | — |
| 227 | invalid-array-size | — |
| 228 | incorrect-issuer | — |
| 229 | invalid-token | — |
| No codes match that filter. | ||
| Class | Name | What it means |
|---|---|---|
| 0 | device | Device-level refusal: it's busy, mid-configuration, or has an operational problem and cannot service the request; usually transient, so retry. |
| 1 | object | The target object is the problem: unknown-object (wrong instance number), wrong type, or a create or delete the device forbids; verify the object-id. |
| 2 | property | The addressed property is at fault: unknown-property, write-access-denied (read-only), value-out-of-range, or a wrong datatype or array index. |
| 3 | resources | Device is out of memory or space: no room to create the object, add a list element, or store the value; often a full points or objects table. |
| 4 | security | Security check failed: bad password, authentication failure, incompatible security levels, or a key or encryption error blocked the request. |
| 5 | services | The service request is malformed: missing or inconsistent parameters, invalid tag encoding, or a parameter out of range; usually a client or stack bug. |
| 6 | vt | Virtual Terminal session errors: unknown VT class or session, none available, or already closed; a legacy text-terminal feature you'll rarely see. |
| 7 | communication | Message-transport problems: comms disabled by DCC, a duplicate or incomplete message, or an unknown network or route; check DCC state and routing. |
| No classes match that filter. | ||
| Reason | Name | What it means |
|---|---|---|
| 0 | other | Catch-all reject for a parse-level rejection that fits none of the defined codes; grab the raw APDU with a sniffer to see what tripped it. |
| 1 | buffer-overflow | Request exceeded the receiver's decode buffer, so it couldn't be fully decoded and was rejected; usually an oversized APDU to a device with a small Max-APDU. |
| 2 | inconsistent-parameters | Each argument decoded fine but they contradict one another, so the request can't be honored; a combination the service won't accept together. |
| 3 | invalid-parameter-data-type | An argument's encoded type isn't what the service expects, like a Real where an Unsigned belongs; usually an encoder bug on the sender. |
| 4 | invalid-tag | A context or application tag is wrong or misplaced, so the decoder lost the byte stream; classic hand-rolled or buggy encoder symptom. |
| 5 | missing-required-parameter | A mandatory argument for the service wasn't present; the sender omitted a required field the decoder needs to proceed. |
| 6 | parameter-out-of-range | An argument decoded but its value sits outside the range that field allows, such as an index or choice beyond the service's limits. |
| 7 | too-many-arguments | The request carried more arguments than the service defines; extra trailing parameters the decoder didn't expect to find. |
| 8 | undefined-enumeration | An enumerated argument held a value not defined for that enum; often a newer or proprietary code the receiver can't map. |
| 9 | unrecognized-service | The PDU parsed but the device doesn't implement that service choice; the requested service simply isn't supported here. |
| 10 | invalid-data-encoding | The bytes decode but do not form a legal encoding for their datatype — malformed at the datatype level, not just a bad tag. A later-edition reason older stacks will not send. |
| No reject reasons match that filter. | ||
| Reason | Name | What it means |
|---|---|---|
| 0 | other | Catch-all when no listed reason fits; the device tore down the transaction without saying why, so a packet capture is your only lead. |
| 1 | buffer-overflow | Receiver ran out of buffer space mid-transaction, usually a segmented message too big for a small device to reassemble; cut APDU size or segment count. |
| 2 | invalid-apdu-in-this-state | A segment or ACK the state machine wasn't expecting — often a stale duplicate retransmit, or a client reusing an invoke ID before its prior transaction closed. |
| 3 | preempted-by-higher-priority-task | Device intentionally abandoned this lower-priority transaction for more urgent internal work like reinitialization; uncommon, and not a load or slot issue. |
| 4 | segmentation-not-supported | The reply won't fit one APDU and this device can't segment; ask for less — smaller ReadPropertyMultiple or ReadRange chunks. |
| 5 | security-error | A BACnet network-security check failed — bad signature, key mismatch, or replayed message; verify keys and time sync across the secured devices. |
| 6 | insufficient-security | Message came in below the security level this operation requires; the peer must sign or encrypt to the policy minimum before the device will proceed. |
| 7 | window-size-out-of-range | The proposed segmentation window size fell outside the legal 1 to 127, or beyond what this device accepts — a botched segment-ACK negotiation. |
| 8 | application-exceeded-reply-time | The application layer took too long to build the response and the transaction was torn down; slow backend, blocked point, or an overloaded controller. |
| 9 | out-of-resources | Device has no free state-machine slots, memory, or handles left to continue; common on small controllers under heavy polling — throttle or stagger polls. |
| 10 | tsm-timeout | Transaction state machine timed out waiting for the next segment or ACK; usually a dropped packet, an offline peer, or MS/TP token loss. |
| 11 | apdu-too-long | The APDU exceeds the receiver's Max APDU Length Accepted and can't be segmented; shrink the request or response, or enable segmentation. |
| No abort reasons match that filter. | ||
Enumerations imported from bacnet-stack's error enums (the de-facto machine-readable form of the ASHRAE 135 error tables, which are paywalled) — retrieved 2026-07-12: 8 classes, 225 error codes, 11 reject reasons, 12 abort reasons. Descriptions cover the field-common values; the long tail (BACnet/SC transport, HTTP / TLS / DNS, OAuth-scope codes added in later editions) is listed name-only. Verify exact normative wording against the standard.
Error vs. Reject vs. Abort
All three are a "no," but they fail at different points, and the difference tells you where to look. A BACnet-Error means your request was well-formed and the service ran — the device understood exactly what you asked and refused it, so it hands back an error class (the category) and an error code (the specific reason). This is the common one: unknown-property, write-access-denied, value-out-of-range.
A BACnet-Reject means the request never got that far — the APDU was malformed, mis-encoded, or used a service the device does not implement, so it was thrown out at the protocol layer before the service ran. A BACnet-Abort means a transaction that had already started was torn down mid-flight — almost always segmentation, a TSM timeout, or the device running out of buffer or resources. Reject points at the message; Abort points at the transport or the device's capacity.
Reading an error class and code
A BACnet-Error always carries the pair. The class buckets the problem — device, object, property, resources, security, services, vt, or communication — and the code is the specific message inside that bucket. In practice the code is what you act on; the class just tells you which subsystem raised it. The same code number can legitimately appear under more than one class, so decode both.
Classes 0–63 and the standard code range are ASHRAE's; a class 64 or above is a vendor-proprietary error, and its meaning lives in that manufacturer's documentation — the Vendor ID lookup tells you whose. The Object Reference covers the object types and properties these errors refer to.