The error occurs if you are using restricted Active Directory user accounts in your environment. This means that the user is only allowed to log into certain “whitelisted” clients.
Let’s have a quick look at the actual error message first:
Event 5400 Authentication failed
Failure Reason 24441 ISE machine account is not permitted to log on
This one is quite easy. The only thing you have to do is add ISE to the allowed computers.
To do so, navigate to your user and select Properties -> Account -> Log On To…. The option “The following computers” should already be set and should list the allowed computers. Add your ISE nodes to the allowed computers and save the configuration.
Your client should now be able to successfully authenticate again. Keep in mind that you have to add your ISE nodes every time you restrict an Active Directory user.
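The same change can be scripted so that no restricted user is missed. This is an added example, not part of the original post: it assumes the ActiveDirectory PowerShell module (RSAT) is installed, and the ISE node names are placeholders for the computer names your ISE nodes use in Active Directory.

```powershell
# Added example: find every user with a "Log On To" restriction and
# append the ISE nodes where they are missing.
Import-Module ActiveDirectory

# Assumption: placeholder names, replace with the AD computer names of your ISE nodes.
$IseNodes = @('ISE-NODE-01', 'ISE-NODE-02')

# The "Log On To" list is stored in the userWorkstations attribute,
# so only restricted users match this filter.
$restricted = Get-ADUser -LDAPFilter '(userWorkstations=*)' -Properties LogonWorkstations

foreach ($user in $restricted) {
    # LogonWorkstations is a single comma-separated string of computer names.
    $current = @($user.LogonWorkstations -split ',' |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ })

    # -notcontains compares case-insensitively, which matches how AD treats names.
    $missing = @($IseNodes | Where-Object { $current -notcontains $_ })
    if ($missing.Count -eq 0) { continue }

    $updated = ($current + $missing) -join ','
    Write-Host "$($user.SamAccountName): adding $($missing -join ', ')"

    # -WhatIf only reports the change; remove it to write the attribute.
    Set-ADUser -Identity $user -LogonWorkstations $updated -WhatIf
}
```

Run it with `-WhatIf` in place first to review which accounts would change, then remove the switch to apply the update.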