cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2908
Views
5
Helpful
3
Replies

ISE 2.0 - 24206 User Disabled (Sponsor Portal)

LvdWilligen
Level 1
Level 1

Hi fellow engineers!

Today I came across a new problem with ISE. I hope you are familiar with this:

I've created a Sponsor Portal and created serveral guest users. One of them is named "ldeman01".

When I try to log in (on my WiFi network), I see an error in the RADIUS log "24206 User Disabled" (User marked disabled in internal database). I am sure the correct policy set is used.

When I try a non-existing account, I get a different error (subject not found in internal store).

I can connect using the same ID Sequence (sponsor_portal_sequence) with internally created accounts (group: ALL_ACCOUNTS). Within the sequence, I look for Guest accounts and if that fails, for internal accounts.

The strange thing is that after succesfully logging in with an Internal account (on my 802.1x wifi) and reconnecting a few times, i will eventually not be able to login anymore and will keep receiving "access_rejects" in my WLC. Using different devices (pc, Phone, etc) with the same account will not solve the issue. Rebooting the WLC does not work. Rebooting ISE works for some time, then the problem reoccurs. After a few hours waiting, logging in will sometimes work again with internally created accounts. However, it never works with guest accounts.

When I am not able to login with my internal account, I will receive the same message as with the guest accounts, "24206 User Disabled".

Looking in the Internal ID store, I see the account "enabled".

In the attachment you'll find the logging of a guest user (ldeman01).

Any ideas what could be wrong?

Cheers,

Lody 

1 Accepted Solution

Accepted Solutions

LvdWilligen
Level 1
Level 1

Issue is solved. It seemed the "Guest Location" was linked to a wrong time-zone. Accounts were not yet activated (due to time difference). Changing it solved the problem.

View solution in original post

3 Replies 3

LvdWilligen
Level 1
Level 1

Issue is solved. It seemed the "Guest Location" was linked to a wrong time-zone. Accounts were not yet activated (due to time difference). Changing it solved the problem.

Thanks LvdWilligen to come back and closed the thread +5 :)

~Jatin

ptst
Level 1
Level 1

Nearly the same here; we should understand "User not yet enabled" instead of "User marked disabled"
This account was still active, but when extending the range, the start time had been set by mistake to some date in the future.
Changing the date to today and the hour to 00:00, solved the problem.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: