Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Failure Reason : 22017 DenyAccess Identity Source selected

I just setup a new ACS1120 with ACS 5.1. I am able to authenticate via TACACS+/Active Directory from cisco switches but unable to authenticate using RADIUS/Active Directory from a wireless client. I get the error "Failure Reason : 22017 DenyAccess Identity Source selected" when I check the ACS5.1 log. My setting is supposed to use AD1 for the Identity Store Sequence. I do not know where the DenyAccess Identity Source is coming from.

Please help.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Failure Reason : 22017 DenyAccess Identity Source selected

This error ocurs because the identity policy you have defined has resulted in a result of deny access.

You should review the authentication details to see which access service matched and then which idenity policy rule.

You can see this information in theuthentication details in Monitoring and Troubleshooting infromation

2 REPLIES
Cisco Employee

Re: Failure Reason : 22017 DenyAccess Identity Source selected

This error ocurs because the identity policy you have defined has resulted in a result of deny access.

You should review the authentication details to see which access service matched and then which idenity policy rule.

You can see this information in theuthentication details in Monitoring and Troubleshooting infromation

New Member

Re: Failure Reason : 22017 DenyAccess Identity Source selected

Thanks jrabinow. That works!

2827
Views
5
Helpful
2
Replies