Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
174
Views
1
Helpful
1
Replies

FMC external authentication with RADIUS locks AD user

Robin-H
Level 1
Level 1

‎12-17-2025 01:57 AM

In FMC 7.6.x, we configured two ISE servers as RADIUS External Authentication Object.

The ISE are forwarding the authentication to our Windows AD.

The user now makes one bad login attempt to FMC and the AD account is being locked. AD is set to lock the account after the third bad attempt.

Can I prevent this by setting the "RADIUS-Specific Parameters - Retries" in FMC to 1? It´s currently set to 3. Or is the ISE trying too hard?

0 Helpful
1 Reply 1

nspasov
Cisco Employee
Cisco Employee

‎12-17-2025 06:36 AM

One question and answers below:

  • Are you saying that a failed authentication triggers 3 or more attempts resulting in AD account lockout? I am asking because I just tested this in my lab with versions 7.7.10 and 10.0 and I could not replicate the issue and only see 1 x failed attempt. 
  • The value for "Retries" dictates the number of attempts against the primary AAA server before switching to the secondary. 
  • You can also explore the Failed Authentication Protection feature in ISE located under the Advanced Settings in your AD ISE configurations

Thank you for rating helpful posts!

Thank you for rating helpful posts!
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card