Solved: Re: AD user blocks every time in Cisco ISE

anxo.darosa · ‎08-01-2022

Good morning,

I have a user in AD who is blocked all time in Cisco ISE (Screenshot 1 and 2).

Firstly, i had this issue "24415 User authentication against AD failed since user's account is locked out"(Screenshot 3).

I changed some configurations (Screenshot 4) to (Screenshot 5).

And following this information (https://community.cisco.com/t5/network-access-control/prevent-ad-account-being-locked-out-by-failed-authentications/td-p/3727650) i did this changes (Screenshot 6).

But now, the account follows blocked and i have a different issue (Screenshot 7 and 8).

Could you help me?

Thank so much.

michael18 · ‎08-01-2022

I had a similar issue. The user had logged into another device at some point. When resetting their password on a new device the old one was still trying to use the old password and locking the account. You will have to find that device or change the username.

View solution in original post

ahollifield · ‎08-03-2022

You could put in a condition to block that endpoint MAC address that has the wrong password. The "correct" fix is to track down that device and correct the endpoint configuration issue.

View solution in original post

michael18 · ‎08-01-2022

I had a similar issue. The user had logged into another device at some point. When resetting their password on a new device the old one was still trying to use the old password and locking the account. You will have to find that device or change the username.

anxo.darosa · ‎08-03-2022

Hi michael18,

Thank so much for your answer.
The problem is that the user is blocked every 5 min and it is impossible to work on this way.
Did you do something related from the Cisco ISE side?

ahollifield · ‎08-03-2022

You could put in a condition to block that endpoint MAC address that has the wrong password. The "correct" fix is to track down that device and correct the endpoint configuration issue.