ISE - GUI login - error " your account has been disabled"

Unanswered Question
Jul 22nd, 2012

Hello ,

I have set 2 admin accounts on the ISE device , both which after a number of days get disabled for no reason , the error message received trying to login

is:

" Your account has been disabled after password expiration. Please contact your system administrator for assistance. "

Once i receive this message i am locked out of the ISE from access via the GUI , to overcome this issue so far i've used the "application reset-passwd ise username" command .

I am trying to understand , is this the proper behavior of the ISE ? if not whats the reason for this behavior ? can this be changed so the password

never expires ?

Thank you ,

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
Tarik Admani Sun, 07/22/2012 - 14:56

Hi,

You can change this setting in Administration > Admin Access > Password Policy (by default the account is set to expire every 45 days).

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani Mon, 07/23/2012 - 03:47

Here is the link for additional settings - http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_man_identities.html#wp1113177

Thanks,

Tarik Admani

Sent from Cisco Technical Support iPad App

Kashish_Patel Mon, 10/22/2012 - 02:50

Tarik,

If I have to configure such that admin password never expires, then should I just uncheck the check box?

cisconspasov Tue, 10/30/2012 - 18:29

Yes, unchecking the box "Disable admin account after" will prevent admin accounts from expiring. However, as a good security practice you should change the admin password considering important ISE can be when it comes to network security. In the same screen you can configure ISE to send you a warning when the password is about to expire.

Actions

Login or Register to take actions

This Discussion

Posted July 22, 2012 at 2:14 AM
Stats:
Replies:4 Avg. Rating:
Views:3446 Votes:0
Shares:0

Related Content

Discussions Leaderboard