
22056 Subject not found in the applicable identity store(s). : Authentication failed

deon.steyn1
Level 1

Hi,

I'm running Cisco ACS version 5.3.0.40, all is working 100%.

I use this ACS box in a hosted environment. This is for all my VPN users connecting to my LAN.

Today for the first time I tried to connect with my MacBook using Cisco AnyConnect Secure Mobility Client version 3.1.

The connection failed with error 22056 Subject not found in the applicable identity store(s). With the same account on a Windows 10 machine it works 100%.

Any suggestions on what to look for?

4 Replies

Which Mac version are you running?

--

Please remember to select a correct answer and rate helpful posts


Running version 10.10.5 - OS X Yosemite

http://www.cisco.com/c/en/us/support/docs/security/secure-access-control-system/113485-acs5x-tshoot.html#p6

Problem: 22056 Subject not found in the applicable identity store(s)

AD users do not get authenticated with ACS version 5.x and receive this error message: 22056 Subject not found in the applicable identity store(s).

Solution

This error message occurs when the ACS failed to find the user in the first listed database that is configured in the Identity store sequence. This is an informational message and does not affect the performance of the ACS. The way that ACS 5.x performs the authentication for internal or external users is different than the previous 4.x version. With the 5.x version, there is an option called Identity Store Sequence to define the sequence of user databases to be authenticated. For more information, refer to Configuring Identity Store Sequences.

If you receive this error when you are using the ACS to authenticate requests against a Child Domain, then you have to add a UPN suffix or NETBIOS prefix to the username. For more information, refer to the Notes in the Microsoft AD section.

--

Please remember to select a correct answer and rate helpful posts


Hi Marius,

Thanks for the response. We are not using AD to authenticate, just authenticating on Cisco ACS. The weird thing is that the MacBook says "The AnyConnect package on the secure gateway could not be located."

But on Cisco ACS it shows that the authentication was successful and user is connected.