ACS 5.2 error 22056 Subject not found in the applicable identity store(s)

alejandromx1
Level 1

Hi, I have two ACS v 5.2 (primary and secondary) and some users are in the internal store and the others are in the AD.

The local site topology is like this:

PC - AP - WLC - ACS - AD

Authentication method is PEAP (EAP-MSCHAPv2) and all users have the company certificate installed. The OS on the client users' machines is Windows 7.

Users were working fine but some users report intranet disconnections. I see in the ACS log many "22056 Subject not found in the applicable identity store(s)." and "24415 User authentication against Active Directory failed since user's account is locked out" alarms.

I believed it was because the user wasn't in the AD database, but sometimes the same user is authenticated successfully and other times I see the "22056...." or "24415...." alarms.

I switched the role of the primary ACS to work as secondary and we see the same alarms.

I don't know if it is an ACS issue or how to resolve it.

Please help me.

Thanks...

Accepted Solutions

Tarik Admani
VIP Alumni

Hi,

How are you authenticating these users? Are they present in the ACS local database? If so, did you check the status of the internal account to see if the user's account is still active and isn't disabled?

Thanks,

Tarik Admani
*Please rate helpful posts*

Hi Tarik

At the start, users set their username and password in their laptops only. Their laptops are in the company domain and wait to get access to the wireless company SSID.

The laptop has a company certificate and wireless profile configured as WPA2 Enterprise with AES. PEAP with EAP-MSCHAPv2 is selected.

You're right; when a user is successfully authenticating I saw in the ACS log that the user is authenticating in the AD1 identity store and I see the user's MAC address is enabled in the local store too.

I'm going to disable the user's local account and look for the other users that have a local MAC address too. I'll post it.

Thanks a lot.

david.perez
Level 1
I have the same problem. The version of the ACS is 5.6.0.22, and the OS on the client users' machines is Windows 7. The users have the company certificate installed, but sometimes the users are authenticated successfully and other times I see the error 22056 Subject not found in the applicable identity store(s). I have to enable the MAC address in the local store; when the PC has a connection to the network, after restarting the PC and deleting the MAC address in the local store, the PC works fine.