Symptom
The log message on ISE states "24429 Could not establish connection with Active Directory"
detailed Log on the ISE states:
24430 Authenticating user against Active Directory
24429 Could not establish connection with Active Directory
Conditions
ISE is joined to AD.
When ISE is configured to use AD as ID store and there is a shared secret key mismatch. We see the following log on the dashboard:
"24429 Could not establish connection with Active Directory"
When ISE is configured to use Internal Users as ID Store and there is a shared secret key mismatch. We see the following log on the dashboard:
"Authentication failed : 22040 Wrong password or invalid shared secret"
Issue can be recreated as follows:
1.Connect ISE to AD.
2.Add the ASA to ISE as NAS. Configure the shared secret.
3.Configure AAA server on ASA.Configure a different shared secret key on ASA. i.e. shared secret key mismatch.
4.VPN terminates on ISE. Define the authentication-server of VPN as ISE.
5.define a policy for ASA with ID store as AD on ISE.
6.connect vpn.
7.Check the log on ISE. The log message on ISE states "24429 Could not establish connection with Active Directory"
detailed Log on the ISE states:
24430 Authenticating user against Active Directory
24429 Could not establish connection with Active Directory
If you define the ID Store as "Internal Users", then the log on ISE satest " Authentication failed : 22040 Wrong password or invalid shared secret"
