Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
2736
Views
20
Helpful
3
Replies

Cisco ISE Authentication failed - 24206 User disabled

Go to solution
ArjunB
Level 1
Level 1

‎06-23-2022 05:58 AM

Hello,

In my environment, Cisco ISE 2.2 is being used as the RADIUS authentication server for a WLAN that uses WPA2 and 802.1X for authentication. On Cisco ISE, Network Access Users have been created for the users using that WLAN who basically use a Username and Password created for them.

Several times a day, the users are being disabled on ISE and as a result they cannot authenticate. In the RADIUS log, I see these messages:

Authentication Details

Source Timestamp2022-06-23 07:33:08.583
Received Timestamp2022-06-23 07:33:08.583
Policy Server<ise-node-name>
Event5400 Authentication failed
Failure Reason24206 User disabled
ResolutionCheck whether the user account in Internal database is enabled
Root causeUser marked disabled in Internal database.

 

As a solution, I am having to enable the users manually. 

Are any of you having similar issue? Is there any workaround for the remediation? 

Any suggestion would be highly appreciated.

BR

 

 

 

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
thomas
Cisco Employee
Cisco Employee

‎07-05-2022 10:55 PM

There are no real details to under HOW the users are getting disabled.

Since there are no logs or other details, I suggest creating a TAC case to see if they can troubleshoot this problem.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
marce1000
Hall of Fame
Hall of Fame

‎06-23-2022 07:12 AM

 

 - Check these threads , they may provide hints :

        https://community.cisco.com/t5/wireless/cisco-ise-issue-24206-user-disabled/td-p/2453846

        https://community.cisco.com/t5/network-access-control/ise-2-0-24206-user-disabled-sponsor-portal/td-p/2969003

   Also note your ISE version is getting quite old, this may also lead to incompatibilities with software version(s) on NAD's (controllers and switches).  Take note of this link for future references :

                 https://community.cisco.com/t5/security-documents/ise-version-upgrade-matrix/ta-p/3653501

 M. 



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Go to solution
thomas
Cisco Employee
Cisco Employee

‎07-05-2022 10:55 PM

There are no real details to under HOW the users are getting disabled.

Since there are no logs or other details, I suggest creating a TAC case to see if they can troubleshoot this problem.

0 Helpful
Customers Also Viewed These Support Documents
Top