Error Invalid Cap 320 (0x140): Fix it in 5 Steps

To fix this issue, you need to adjust the policies in Active Directory

Fix

Reading time icon 2 min. read

Calendar icon Published on

by Milan Stanojevic 

published on

Share this article

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more

ERROR_INVALID_CAP is a developer error, and it often comes with 320 (0x140) The Central Access Policy obtained from Active Directory is invalid message. Today we’re going to take a closer look at this error and see how to fix it.

How can I fix ERROR_INVALID_CAP?

1. Validate Central Access Policies in Active Directory

  1. Navigate to Active Directory Administrative Center.
  2. Open Tools and select Active Directory Administrative Center.
    active directory administrative center
  3. Next, go to Dynamic Access Control and then select Central Access Policies.
    dynamic access control
  4. Ensure that CAPs are properly defined and linked to the correct rules.
  5. Correct any missing or invalid policies.

2. Force the group policy update or verify directory replication

  1. Press the Windows key + S and type cmd. Select Run as administrator.
    CMD elevated - ERROR_NO_RANGES_PROCESSED
  2. Run the following command to force the Group Policy update:  gpupdate /force
  3. Check for replication issues with the following command: repadmin /replsummary
  4. If any replication issues are detected, you’ll need to manually troubleshoot them.

3. Remote Central Access Policy from the resource

  1. Right-click the affected file or folder.
  2. Select Properties and then go to the Security tab. Click on Advanced.
  3. Under the Central Policy Staging, remove the assigned CAP.

Do this if CAP is unnecessary or if it’s causing issues.

4. Disable Dynamic Access Control

  1. Open Group Policy Management Console.
  2. Head to Computer Configuration,select Policies, and then Administrative Templates.
    administrative templates
  3. After that, select System and choose KDC.
  4. Disable any policies related to Dynamic Access Control or Kerberos client support for claims, compound authentication, and Kerberos armoring.

5. Check Event Viewer

  1. Press the Windows key + X and choose Event Viewer.
  2. Navigate to Windows Logs and then select Security or System.
    System Event viewer 0x80070000
  3. Look for errors related to Central Access Policies or Active Directory.
  4. Use the information to research the issues further.

The ERROR_INVALID_CAP can be difficult to deal with, but unless you’re a developer you probably won’t ever encounter it. These aren’t the only issues, and you may encounter Error_Invalid_Token or Error_Invalid_Name.

Before you leave, you might be interested in our ERROR_INVALID_PARAMETER guide for more information.

More about the topics: error

Milan Stanojevic

Milan Stanojevic Shield

Windows Toubleshooting Expert

Milan has been enthusiastic about technology ever since his childhood days, and this led him to take interest in all PC-related technologies. He's a PC enthusiast and he spends most of his time learning about computers and technology. Before joining WindowsReport, he worked as a front-end web developer. Now, he's one of the Troubleshooting experts in our worldwide team, specializing in Windows errors & software issues.

User forum

0 messages