topic Re: ACS 5.2 error 22056 Subject not found in the applicable identity store(s) in Network Access Control

ACS 5.2 error 22056 Subject not found in the applicable identity store(s)

alejandromx1 — Mon, 11 Mar 2019 02:38:40 GMT

Hi, I have two ACS v 5.2 (primary and secundary) and some users are in the internal stor and the others are in the AD.

The local site topology is like this:

PC - AP - WLC - ACS - AD

Authentication method is PEAP(EAP-MSCHAPv2) and all user have the certificate company installed. The OS in the client users is Windows 7.

Users was working fine but some users reports intranet disconnections. I see in the ACS log many "22056 Subject not found in the applicable identity store(s)." and "24415 User authentication against Active Directory failed since user's account is locked out" alarms.

I believed it was because user wasn´t in the AD data base, but some times the same user is authenticated successfull and other i see the "22056...." or "24415...." alarms.

I switched the role for ACS primary to works as secundary and we see the same alarms.

I don´t know is an ACS issue and how do i resolve it..

Please helpme

Thanks...

ACS 5.2 error 22056 Subject not found in the applicable identity

Tarik Admani — Mon, 08 Oct 2012 02:54:37 GMT

Hi,

How are you authenticating these users? Are they present in the ACS local database? If so, did you check the status of the internal account to see if the users account is still active and isnt disabled?

Thanks,

Tarik Admani
*Please rate helpful posts*

ACS 5.2 error 22056 Subject not found in the applicable identity

alejandromx1 — Mon, 08 Oct 2012 04:23:37 GMT

Hi Tarik

At the start, users set their username and password in their laptops only. Their laptops are in the company domain and wait to get access to the wireless company SSID.

The laptop has a company certificate and wireless profile configured as WPA2 enterprise with AES. PEAP with EAP-MSCHAPv2 are selected.

You´re right; When user is successfull authenticating I saw in the ACS log that user is authenticating in the AD1 identity stor and I see user´s mac address is enabled in the local stor too.

I´m going to disable the user´s local account and looking for the other users are local mac adress too. I´ll post it.

Thanks a lot.

Re: ACS 5.2 error 22056 Subject not found in the applicable identity store(s)

david.perez — Tue, 05 Dec 2017 20:41:46 GMT

I have the same problem, the version of the ACS is 5.6.0.22, The OS in the client users is Windows 7. The users have the certificate company installed but some times the users are authenticated sucessfull and other I see the error 22056 Subject not found in the applicable identity store(s), I have to enable the MAC address in the local store, when the PC has a connection to the network, restarting the PC and delete the MAC address in the local store the PC works fine.