topic Cisco ISE (Authentication failed: 24415 User authentication against Active Directory failed since user's account is locked out) in Network Access Control

Cisco ISE (Authentication failed: 24415 User authentication against Active Directory failed since user's account is locked out)

Tabish Mirza — Mon, 11 Mar 2019 02:58:59 GMT

Hi,

I have a setup ISE 1.1.1. Users are getting authenticate against AD. Everything is working fine except some users report disconnection. I see in the ISE that (Authentication failed: 24415 User authentication against Active Directory failed since user's account is locked out). Users are using Windows 7 OS.

Error is enclosed & here is the port configuration.

Port Configuration.

interface GigabitEthernet0/2

switchport access vlan 120

switchport mode access

switchport voice vlan 121

authentication event fail action next-method

authentication event server dead action reinitialize vlan 120

authentication event server alive action reinitialize

authentication host-mode multi-auth

authentication order mab dot1x

authentication priority dot1x mab

authentication port-control auto

authentication periodic

authentication timer reauthenticate server

mab

dot1x pae authenticator

dot1x timeout tx-period 60

spanning-tree portfast

ip dhcp snooping limit rate 30 interface GigabitEthernet0/2
switchport access vlan 120
switchport mode access
switchport voice vlan 121
authentication event fail action next-method
authentication event server dead action reinitialize vlan 120
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication order mab dot1x
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout tx-period 60
spanning-tree portfast
ip dhcp snooping limit rate 30

Please help.

Cisco ISE (Authentication failed: 24415 User authentication agai

Tarik Admani — Thu, 17 Jan 2013 05:08:16 GMT

Are all the users on the same switch experiencing this issue? You may want to doublecheck the shared secret.

Thanks,

Tarik Admani
*Please rate helpful posts*

Re: Cisco ISE (Authentication failed: 24415 User authentication

Tabish Mirza — Sat, 19 Jan 2013 05:03:43 GMT

No only subset of users getting this issue. Rest is working fine.

Sent from Cisco Technical Support iPhone App

Cisco ISE (Authentication failed: 24415 User authentication agai

minkumar — Mon, 21 Jan 2013 22:53:06 GMT

The error message means that Active Directory server Reject the authentication attempt 
as for some reasons the user account got locked.I guess, You should ask your AD Team to check in the AD
Event Logs why did the user account got locked.


Under Even Viewers, You can find it out


Regards
Minakshi (Do rate the helpful posts)

Re: Cisco ISE (Authentication failed: 24415 User authentication agains

josealmh — Mon, 04 Aug 2025 16:50:40 GMT

Verify that the DHCP scope has enough available IP addresses to lease.

I encountered an issue where Cisco ISE was showing the error:
"User authentication against Active Directory failed since user's account is locked out."
However, after checking in Active Directory, there were no events indicating the user account was actually locked.

The root cause turned out to be an exhausted DHCP IP pool. The DHCP server had no available IP addresses to assign.

Expanding the IP address range of the subnet resolved the issue.