topic 24403 user authentication against active directory failed in Network Access Control

24403 user authentication against active directory failed

rhuel.phils — Fri, 21 Feb 2020 18:48:16 GMT

Guys,

We suddenly have issue with our authentication, on live logs we always get 24403 user authentication against active directory failed , BUT as per checking in External Identity Source we able to do Test User and SUCCESS

Anyone have encounter same issue? I have attached some screenshot.

Re: 24403 user authentication against active directory failed

Mark Elsen — Sat, 10 Mar 2018 06:29:18 GMT

- Check if the account is disabled or locked as this can cause the error you're getting.2) check your active directory server's logs, see what is has to say about this particular auth-attempt (if possible enable debugging on the AD).

Re: 24403 user authentication against active directory failed

Mohamed Abd Elnaser Mohamed Mohamed Ali — Sat, 10 Mar 2018 12:38:18 GMT

Hi rhuel.phils
It is not clear from the screenshot why Authentication against Active directory has failed.

Normally I do get more informative errors about AD authentication Failures like these

Authentication failure gainst AD due to account locked out
=============================================
5400 Authentication failed
+
24415 User authentication against Active Directory failed since user's account is locked out

=========================================================================
Authentication failure gainst AD due to wrong password
==========================================================
5400 Authentication failed
+
24408 User authentication against Active Directory failed since user has entered the wrong password

=========================================================================
Authentication failure gainst AD due to account is disabled
=============================================
5400 Authentication failed
+
24409 User authentication against Active Directory failed since the user's account is disabled

========================================================================

Check the following:
- AD Domain Controller and Your ISE PSN node are NTP Synced (no more than 5 min difference) --> Although your test would have failed also.

If you can share the first screen shot complete especially the right hand side RADIUS steps as it include more information about the AD connection about what might happened?

Also did this happen only once or it is so frequently happening --> you may run the Diagnostic tool in the AD connector to see any errors or warnings

Re: 24403 user authentication against active directory failed

soebeginner — Wed, 22 May 2019 05:32:33 GMT

Hi!
Saw your post about 24408 User authentication against Active Directory failed since user has entered the wrong password.
Is there any failure code number specific for failed authentication against local accounts (e.g. admin) ?

Re: 24403 user authentication against active directory failed

Sathiyanarayanan Ravindran — Wed, 22 May 2019 19:59:38 GMT

If the account is configured on the ACS for login. That time you will get a error code as below.

Message Text	Failed-Attempt: Authentication failed
Failure Reason	22040 Wrong password or invalid shared secret