
0xC0000193

STATUS_ACCOUNT_EXPIRED

The user account has expired.

Hex code: 0xC0000193
Decimal: -1073741421
Severity: Warning
Category: NT Status codes

Description

STATUS_ACCOUNT_EXPIRED (hex code 0xC0000193, decimal -1073741421) is a Windows warning-level error code in the NT Status Codes family. Microsoft surfaces this code through the Win32 API, the Common Language Runtime, the kernel, the event log, PowerShell, command-line tools (sfc, dism, gpupdate, sc), and Windows-side applications such as Outlook, Teams, Office, and System Center.

The user account has expired.

This page documents what triggers 0xC0000193, the most common scenarios where it appears, the likely root causes, and a step-by-step troubleshooting workflow you can run against affected endpoints. It is intended for system administrators, MSP technicians, helpdesk engineers, and anyone diagnosing Windows behavior in a managed environment.

In-depth explanation

This is a warning-severity code. The operation did not necessarily fail; Windows may have completed it with side effects, conflicts, or a state that requires user attention. It is normally safe to retry, but should still be logged so repeated occurrences can be triaged.

It is an NTSTATUS code (returned from kernel APIs). Win32 may translate it into a more familiar ERROR_* equivalent through RtlNtStatusToDosError.

The code can be looked up programmatically in PowerShell with [ComponentModel.Win32Exception]::new(-1073741421).Message (for Win32 / NTSTATUS codes that map cleanly), or with net helpmsg <decimal> for the legacy decimal range. For HRESULT-style codes, decode the facility and code with err.exe from the SDK or via the WinDbg !error command.

Common causes

  • Kernel-mode caller passed an invalid parameter or handle.
  • Driver bug in a third-party filter, antivirus, or backup agent.
  • Memory pressure — paged or non-paged pool exhausted.
  • Concurrent access conflict on a kernel object.
  • Volume / registry hive corruption preventing the operation.

Troubleshooting steps

  1. Inspect the System event log around the failure for the matching NTSTATUS entry, including the originating process and module.
  2. If a kernel-mode driver is implicated, capture a kernel dump and analyze with WinDbg (!analyze -v).
  3. Run sfc /scannow and DISM /Online /Cleanup-Image /RestoreHealth to rule out OS-level corruption.
  4. Check for matching Win32 errors via RtlNtStatusToDosError — most NT statuses have a more familiar ERROR_* sibling that is easier to triage.
  5. Repro with Process Monitor (procmon) to capture the exact API call, parameters, and stack at the moment of failure.

Decode in PowerShell

# Decode 0xC0000193 (-1073741421) in PowerShell
[ComponentModel.Win32Exception]::new(-1073741421).Message

# Or via WinDbg / err.exe (Windows SDK)
# err 0xC0000193

# Or net helpmsg (legacy decimal range only)
# net helpmsg <decimal>
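
The translation named in step 4 of the troubleshooting list, as an added example that is not part of the original page: it calls ntdll's RtlNtStatusToDosError through P/Invoke, then formats the resulting Win32 code with Win32Exception. The function name Convert-NtStatus and the Native.Ntdll wrapper type are names chosen here for illustration.

```powershell
# Added example (not from the original page). Translates an NTSTATUS to its
# Win32 ERROR_* sibling with ntdll!RtlNtStatusToDosError, then formats the text.
Add-Type -Namespace Native -Name Ntdll -MemberDefinition @'
[DllImport("ntdll.dll")]
public static extern uint RtlNtStatusToDosError(int status);
'@

function Convert-NtStatus {   # hypothetical helper name
    [CmdletBinding()]
    param(
        # Hex ("0xC0000193") or decimal ("-1073741421") form of the code.
        [Parameter(Mandatory, ValueFromPipeline)][string]$Status
    )
    process {
        if ($Status -match '^0[xX][0-9a-fA-F]{1,8}$') {
            $unsigned = [Convert]::ToUInt32($Status, 16)
        } else {
            # Keep the low 32 bits so signed and unsigned decimals both work.
            $unsigned = [uint32]([long]$Status -band 4294967295)
        }
        # Reinterpret the same 32 bits as the signed value the API expects.
        $signed = [BitConverter]::ToInt32([BitConverter]::GetBytes($unsigned), 0)

        $win32 = [Native.Ntdll]::RtlNtStatusToDosError($signed)
        # ERROR_MR_MID_NOT_FOUND (317) is returned when ntdll has no mapping.
        $mapped = $win32 -ne 317

        [pscustomobject]@{
            NtStatusHex  = '0x{0:X8}' -f $unsigned
            NtStatusDec  = $signed
            Win32Code    = if ($mapped) { $win32 } else { $null }
            Win32Message = if ($mapped) {
                [ComponentModel.Win32Exception]::new([int]$win32).Message
            } else { 'No Win32 mapping for this NTSTATUS' }
        }
    }
}

# Both notations from this page decode to the same record.
'0xC0000193', '-1073741421' | Convert-NtStatus | Format-List
```

Run it in a Windows PowerShell 5.1 or PowerShell 7 session on Windows; ntdll.dll is not available elsewhere.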

Frequently asked questions

What does the Windows error code 0xC0000193 mean?
It is the Win32 / NTSTATUS code STATUS_ACCOUNT_EXPIRED (decimal -1073741421). The user account has expired.

How do I decode 0xC0000193 in PowerShell?
Run [ComponentModel.Win32Exception]::new(-1073741421).Message in any PowerShell session. For HRESULT-style codes, use err.exe from the Windows SDK or the WinDbg !error command.

Where does Windows typically log this error?
It depends on the originating subsystem (Windows Update → %WinDir%\WindowsUpdate.log; AD/Kerberos → Security event log on the DC; BSOD → minidump under C:\Windows\Minidump; MSI → %TEMP%\msi*.log; WMI → Microsoft-Windows-WMI-Activity). Always cross-reference the timestamp and module name with the Application and System event logs.

Is this code recoverable?
Yes — this code is informational or warning-level. The operation can normally be retried after addressing the condition described in the summary.

Should I open a Microsoft support case for this?
Open a case if the error reproduces after applying the troubleshooting steps, particularly if it blocks production workloads, occurs across multiple endpoints, or is associated with a security boundary (BitLocker recovery, Kerberos failure, DCOM hardening, SmartScreen / WDAC). Have a fresh CBS log, minidump, or Get-WinEvent export ready before opening the case.