Solved: Cisco ISE Subject not found in the applicable identity store(s)

mrjelly · ‎03-15-2024

Hello,

I am getting an error with a printer authenticating with Cisco ISE for dot1x.

The error is "Subject not found in the applicable identity store(s)".

This is an LDAP identity lookup. It is looking for the alternative subject name DNS, and this is all being seen in the certificate, I can see this in the logs.

In the identity store, if I go to the attribute tab, I can find the printer there so ISE itself appears to be able to see it.

I have ensured the alternative subject name is correct and all printer name fields on the printer line up.

Any help would be much appreciated,

thanks

mrjelly · ‎03-22-2024

ISE was not able to lookup the name using an LDAP external identity.

This was changed to an Active Directory Identity Source, in addition the certificate authentication was changed to look for any SAN name.

This is now working

Printer was Ricoh

View solution in original post

balaji.bandi · ‎03-16-2024

what ISE version ?

Is this worked before you are setting first time ?

where do you see this error ? on ISE Live Logs ?

is the Issue with Printers ? (does Printers support MAB or 802.1X authentication ?)

Subject not found in the applicable identity store(s) - as per the logs your trying to setup authentication the device not found in the identity store you looking in LDAP/AD group.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

mrjelly · ‎03-22-2024

ISE was not able to lookup the name using an LDAP external identity.

This was changed to an Active Directory Identity Source, in addition the certificate authentication was changed to look for any SAN name.

This is now working

Printer was Ricoh