0333 900 0101

10 Common Access Control Issues (and How to Fix Them)

Common Access Control Issues

Even well-specified systems develop niggles: a door that refuses to open for a valid card, a reader that goes “dead”, a lobby that bottlenecks every morning. Most faults trace back to four roots—mechanics, power, configuration, or integration—and you can usually locate the culprit quickly with a disciplined approach. This guide explains the most common issues we encounter on UK estates, what typically causes them, and how to fix (and prevent) recurrences. Throughout, we point back to recognised UK guidance so your fixes are defensible and safe.

If you’d prefer an engineer to audit and tune your system end-to-end, our team can help with surveys, remedial works and upgrades. (See: Commercial Access Control Installation)

0333 900 0101 sales@network-data-cabling.co.uk Contact us

1) A valid card or fob is rejected at one or more doors

What you’ll see. Users who can enter elsewhere are denied at a specific door, or denials occur only at certain times.

Likely causes. The person isn’t in the right access group for that door; a time schedule or holiday mode is excluding them; anti-passback or occupancy rules are in effect; or the credential has expired after a recent role change. In multi-site estates, we also see doors on the wrong site profile after database tidy-ups.

How to fix. Check the event log for the exact reason code, then review the user’s groups and schedules. Confirm the door is mapped to the intended zone and site, and that controller time is synchronised. This is classic AACS housekeeping—the system’s point is to control who goes where and when, and denials usually mean policy is doing what it was told (just not what you expected). 

Prevent it. Align groups to HR roles, use start/end dates for contractors, and review holiday tables pre-season.

2) Reader appears “dead” or intermittent

What you’ll see. No LEDs or beeps; sporadic reads; door relays not firing.

Likely causes. Power loss (blown fuse, PSU fault, PoE budget exceeded), cable damage at the hinge line, or water ingress on external readers. If the reader talks OSDP/Wiegand to a controller, a loose data pair will mimic a dead reader.

How to fix. Confirm supply and polarity at the reader head, then trace back to the controller/PSU or PoE port. If powered, check the data pair continuity and termination. For PoE, verify the switch’s power budget and port class. When repairing or extending circuits, stick to the recognised electrical baseline—BS 7671 (IET Wiring Regulations)—so the fix is safe and auditable. 

Prevent it. Use proper cable strain relief at door loops, seal external housings, and log PoE consumption when you add devices.

3) Doors don’t release on fire alarm or power loss

What you’ll see. A fire test runs and an electronically held door stays locked, or releases on alarm but not on a relevant fault.

Why it matters. This is a life-safety defect. UK practice requires that doors on escape routes reliably release on fire alarm and on defined faults, with the “critical signal path” (between the fire system and door release) designed and supervised accordingly.

How to fix. Involve your fire contractor and access integrator. Verify that the release hardware and interface match the strategy for that door (fail-safe vs fail-secure), confirm the interface module wiring, and prove the behaviour under alarm and simulated fault. The latest amendment to BS 7273-4:2015+A2:2023 clarifies expectations for the critical signal path and the use of radio/acoustic mechanisms; use it to frame the remedial works and commissioning tests. 

Prevent it. Treat fire-interface behaviour as a design line-item, witness-test it at commissioning, and re-test during drills.

4) “Door held open” or “forced door” alarms won’t stop

What you’ll see. Endless alerts at one door; operators start ignoring them.

Likely causes. Mechanical drift: a tired closer, warped leaf, misaligned keep or contact, or a reed switch fitted too far from the magnet. Electrically, noisy contacts or poorly shielded runs near interference can chatter inputs.

How to fix. Start with the mechanics: adjust or replace the closer, re-square the strike, and realign or replace the contact with a monitored type if needed. Then confirm input debounce settings, cable integrity and earth bonding where specified.

Prevent it. Include door alignment and contact checks in routine maintenance and record changes so patterns become obvious over time. (For formal maintenance disciplines and commissioning norms, NSI’s NCP 109 is a useful baseline to hold suppliers to.) 

5) Tailgating and morning queues at the lobby

What you’ll see. Security team report piggy-backing through busy doors; at peak times queues form and people start propping doors.

Likely causes. Reader placement and throughput don’t match demand; only one reader is handling hundreds of arrivals; no optical turnstiles or “two-factor” at sensitive points; no visual deterrent.

How to fix. Move readers to the natural approach and add lanes to match peak flow. Where risk warrants, add anti-passback or turnstiles. Pairing doors with CCTV helps—events can pull up the camera view for operators, and bookmarked incidents are easier to investigate. We outline practical patterns here: CCTV–Access Control–Alarm Integration.

Prevent it. Design for the busiest five minutes, not the average. In low-risk lobbies, consider touch-free or mobile credentials to speed movement without sacrificing audit.

0333 900 0101 sales@network-data-cabling.co.uk Contact us

6) Intercom works, but visitor releases aren’t logged

What you’ll see. Reception can talk to callers and buzz them in, yet there’s no access event in the system—or the door releases when it shouldn’t.

Likely causes. The entry phone is wired directly to the lock power rather than via the door controller; the SIP/relay integration never made it from “phase two” to reality; or time-limited visitor passes aren’t being issued.

How to fix. Re-route the release via the controller so every grant creates an auditable event. If the intercom is IP/SIP, integrate via supported API/relays rather than parallel wiring. Then adopt a simple visitor pass workflow so reception can issue, time-limit and revoke credentials cleanly. For design options and a sense of what “good” looks like, see our page on Entry Phone Installation.

Prevent it. Script the reception journey and make it part of acceptance testing; train staff and review monthly.

7) Schedules and bank-holiday rules misbehave

What you’ll see. Doors stay open late, cleaners can’t get in on a holiday, or time-zones seem “off”.

Likely causes. Controller clock drift, wrong time-zone/DST setting, or a missing entry in the holiday table. In cloud-managed platforms, the site may be pinned to the wrong region; in multi-site estates, only some sites received the new calendar.

How to fix. Point controllers and servers at a reliable NTP source, check the estate’s time-zone/DST rules, and use a single, re-usable holiday list across sites. Audit schedules quarterly and before public holidays.

Prevent it. Add time-sync and schedule reviews to your BAU runbook; make a change request whenever HR updates holiday policy.

8) Controller or door goes “offline” on the network

What you’ll see. A door reports offline in the admin console; events buffer and flood in later, or the door appears to stop enforcing policy.

Likely causes. VLAN/firewall changes, DHCP lease problems, Spanning Tree/timeouts on edge ports, or PoE brown-outs during switch failover. In cloud models, a proxy or SSL inspection can also upset controller communications.

How to fix. Confirm the controller’s addressing and switchport state, disable unnecessary “helpful” features (e.g., security devices often prefer fixed portfast-like configs), and ensure the management plane is reachable through the firewall policy intended for the platform. Architecturally, design for deterministic decisions at the edge so doors keep enforcing cached permissions during WAN/server hiccups, then reconcile later—this is consistent with recognised EACS performance baselines. 

Prevent it. Place devices on a segmented VLAN, document firewall rules, and monitor link flaps so you catch patterns before they bite. If you’re modernising the wider estate, our overview of IP Security System Installation shows how to build a resilient fabric for converged security.

9) Wireless locks misbehave (lag, missed updates, flat batteries)

What you’ll see. Credentials take too long to propagate; some doors don’t pick up policy changes; battery warnings arrive late—or not at all.

Likely causes. Gateways are poorly sited or under-provisioned; battery change cycles aren’t aligned to duty cycles; firmware update windows are ad-hoc.

How to fix. Survey radio coverage properly, add gateways where needed, and schedule synchronisation more frequently during onboarding bursts. Implement a battery replacement cadence and log it like any other critical component. Fold wireless devices into your formal maintenance plan; NSI’s code of practice sets expectations for documenting power arrangements, maintenance responsibilities and software support—use it to structure supplier commitments. 

Prevent it. Treat batteries and firmware as first-class assets in your PPM; alert on low-battery and sync failures to a monitored queue, not a shared mailbox.

10) Electrical gremlins: nuisance resets, random lock releases

What you’ll see. Devices reboot spontaneously; a lock releases when a nearby motor starts; faults vanish when the electrician leaves.

Likely causes. Under-rated or poorly earthed power supplies, noisy mains, shared circuits with inductive loads, or ad-hoc extensions that don’t meet wiring best practice.

How to fix. Isolate supplies, fit appropriately rated PSUs with clean standby, separate security devices from “dirty” loads, and ensure earthing/bonding meets standard practice. When in doubt, bring works back to the recognised UK electrical baseline—BS 7671—which the HSE treats as the benchmark for electrical safety in installations. 

Prevent it. Document circuits and label terminations; supervise PSUs; and include controlled power-loss tests in commissioning so you know behaviour under fault.

When fixes should come with paperwork

Quick wins are fine, but access control protects people and assets; fixes should be engineered and evidenced. If you’re replacing hardware, altering fire interfaces, or materially changing behaviour, align the outcome to BS EN 60839-11-1 (system & component requirements) and deliver the work to a recognised code such as NSI NCP 109 so acceptance, documentation and testing are predictable. That approach keeps your insurer and auditors happy—and it prevents the same fault returning under a different name. 

Need a hand?

If you want a structured health-check that finds and fixes these issues in one pass—and leaves you with clean documentation and trained admins—our engineers can help design, remediate and future-proof your estate. (See: Commercial Access Control Installation)

 

0333 900 0101 sales@network-data-cabling.co.uk Contact us

Get in touch today

Have a no-obligation chat with one of our data cabling experts, who can recommend a solution to suit your requirements and budget.

0333 900 0101 sales@network-data-cabling.co.uk Contact us