ISE - GUI login - error " your account has been disabled"

Unanswered Question
Jul 22nd, 2012
User Badges:

Hello ,

I have set 2 admin accounts on the ISE device , both which after a number of days get disabled for no reason , the error message received trying to login

is:

" Your account has been disabled after password expiration. Please contact your system administrator for assistance. "


Once i receive this message i am locked out of the ISE from access via the GUI , to overcome this issue so far i've used the "application reset-passwd ise username" command .

I am trying to understand , is this the proper behavior of the ISE ? if not whats the reason for this behavior ? can this be changed so the password

never expires ?


Thank you ,

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Tarik Admani Sun, 07/22/2012 - 14:56
User Badges:
  • Green, 3000 points or more

Hi,


You can change this setting in Administration > Admin Access > Password Policy (by default the account is set to expire every 45 days).


Thanks,



Tarik Admani
*Please rate helpful posts*

Kashish_Patel Mon, 10/22/2012 - 02:50
User Badges:

Tarik,


If I have to configure such that admin password never expires, then should I just uncheck the check box?

Neno Spasov Tue, 10/30/2012 - 18:29
User Badges:
  • Green, 3000 points or more
  • Cisco Designated VIP,

    2017 AAA, Identity and NAC Security

Yes, unchecking the box "Disable admin account after" will prevent admin accounts from expiring. However, as a good security practice you should change the admin password considering important ISE can be when it comes to network security. In the same screen you can configure ISE to send you a warning when the password is about to expire.

Actions

This Discussion

Related Content