The server requires additional security data from the client before the authentication exchange can complete.