10-07-2012 06:22 PM - edited 03-10-2019 07:38 PM
Hi, I have two ACS v5.2 servers (primary and secondary). Some users are in the internal store and the others are in the AD.
The local site topology is like this:
PC - AP - WLC - ACS - AD
The authentication method is PEAP (EAP-MSCHAPv2) and all users have the company certificate installed. The OS on the users' clients is Windows 7.
Users were working fine, but some users report intranet disconnections. I see in the ACS log many "22056 Subject not found in the applicable identity store(s)." and "24415 User authentication against Active Directory failed since user's account is locked out" alarms.
I believed it was because the user wasn't in the AD database, but sometimes the same user is authenticated successfully and other times I see the "22056...." or "24415...." alarms.
I switched the role of the primary ACS to work as secondary and we see the same alarms.
I don't know if it is an ACS issue or how to resolve it.
Please help me.
Thanks...
10-07-2012 07:54 PM
Hi,
How are you authenticating these users? Are they present in the ACS local database? If so, did you check the status of the internal account to see if the user's account is still active and isn't disabled?
Thanks,
Tarik Admani
*Please rate helpful posts*
10-07-2012 09:23 PM
Hi Tarik
At the start, users set their username and password on their laptops only. Their laptops are in the company domain and wait to get access to the company wireless SSID.
The laptop has a company certificate and a wireless profile configured as WPA2 Enterprise with AES. PEAP with EAP-MSCHAPv2 is selected.
You're right. When the user authenticates successfully, I saw in the ACS log that the user is authenticating in the AD1 identity store, and I see the user's MAC address is enabled in the local store too.
I'm going to disable the user's local account and check whether the other users have local MAC addresses too. I'll post it.
Thanks a lot.