Does this means device nvr appear in any dot1x or mab auth? Error: "22056 Subject not found in the a...

getaway51 · ‎11-25-2019

Hi,

Can I say tht this device nvr authenticated via dot1x and mab? Therefore if continue for few months or so, the device is inactive and can be removed from the customized identity group?

FailureReason: 22056 Subject not found in the applicable identity store(s)

Thanks!!!

nspasov · ‎11-25-2019

On the contrary. This error message indicates an authentication failure due to the identity (Endpoint or user) was not found in the identity store that you have defined in your authentication rule. For instance, if you are doing user-based authentication against AD, this error message would indicate that such a user does not exist in the Active Directory.

I hope this helps!

Thank you for rating helpful posts!

getaway51 · ‎11-29-2019

Hi,

Firstly user will go for dot1x, then mab auth.

"22056 Subject not found in the applicable identity store(s)"-In MAB, does this indicate the device not found in the customized mac address group? fyi, I added the mac addresses of those devices into a specific customized mac address group.

"For instance, if you are doing user-based authentication against AD, this error message would indicate that such a user does not exist in the Active Directory."-this could be wrong user password input?

nspasov · ‎11-29-2019

Exactly. If you are doing MAB and you get this message, then that means that ISE was unable to locate that mac address in the identity store that you had configured in your authentication policy.

Thank you for rating helpful posts!

Does this means device nvr appear in any dot1x or mab auth? Error: "22056 Subject not found in the applicable identity store(s)"