
Cisco ISE Failure: 24408 User authentication against Active Directory failed since user has entered the wrong password

Marc Aemmer
Level 1

Hi,

Since we implemented Cisco ISE, we receive the following failure on several notebooks:

Authentication failed : 24408 User authentication against Active Directory failed since user has entered the wrong password

This happens 2 or 3 times per day. So basically the authentications are working. But when the failure appears, the connection is lost for a short time.

The clients are using PEAP (EAP-MSCHAPv2) for authentication. We've got a Cisco wireless environment (WLC 5508).

Why is this happening?

Thanks,

Marc

1 Accepted Solution

Jatin Katyal
Cisco Employee

The possible causes of this error message are:

1.] If the end user entered an incorrect username.

2.] The shared secret between WLC and ISE is mismatched. With this we'll see continuous failed authentication.

3.] As long as a PSN is not receiving a response from the supplicant within this limit during an EAP conversation, it will throw this error code. In the majority of cases it says EAP session timed out.

In your case, the 3rd option seems to be the closest one.

Jatin Katyal
- Do rate helpful posts -

~Jatin
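
One way to sort 24408 failures by the three causes listed in the answer above, as an added example that is not part of the original thread or of any Cisco tooling. The record layout and sample data are constructed assumptions, and the pattern-to-cause mapping is a heuristic taken only from the answer's wording (continuous failure for a mismatched secret) and the question's symptom (occasional failure among successes).

```python
from collections import defaultdict

FAIL_CODE = "24408"

# Constructed sample records, not real ISE output. The tuple layout
# (network_device, username, passed, failure_code) is an assumption.
SAMPLE = [
    ("wlc-1", "alice", True, None),
    ("wlc-1", "alice", False, "24408"),
    ("wlc-1", "alice", True, None),
    ("wlc-1", "alice", True, None),
    ("wlc-1", "bob", False, "24408"),
    ("wlc-1", "bob", False, "24408"),
    ("wlc-1", "carol", True, None),
    ("wlc-2", "dave", False, "24408"),
    ("wlc-2", "erin", False, "24408"),
    ("wlc-2", "dave", False, "24408"),
]

def triage(records, code=FAIL_CODE):
    """Map each device or user to the cause from the thread its pattern fits."""
    dev = defaultdict(lambda: [0, 0])   # device -> [passes, failures with code]
    usr = defaultdict(lambda: [0, 0])   # (device, user) -> same counters
    for device, user, passed, fcode in records:
        if passed:
            dev[device][0] += 1
            usr[device, user][0] += 1
        elif fcode == code:
            dev[device][1] += 1
            usr[device, user][1] += 1
    result = {}
    for device, (ok, bad) in dev.items():
        if bad and not ok:
            # Every attempt through this device fails: fits cause 2.
            result[device] = "continuous: check shared secret (cause 2)"
    for (device, user), (ok, bad) in usr.items():
        if device in result or not bad:
            continue
        if ok:
            # Failures mixed with successes, as in the question: fits cause 3.
            result[user] = "intermittent: check EAP timeouts (cause 3)"
        else:
            # This user never succeeds while the device works: fits cause 1.
            result[user] = "always fails: check entered username (cause 1)"
    return result

if __name__ == "__main__":
    for name, label in triage(SAMPLE).items():
        print(f"{name}: {label}")
```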


3 Replies

Ravi Singh
Level 7

This error occurs due to a wrong password. But as you are saying there is a failure, I would suggest that you check whether there is proper connectivity between AD and ISE when the failure happens. What I feel is that there is a network issue between ISE and AD.

Prashobcv93
Level 1

Is there a resolution for each possibility?