×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

ISE password reminder email

Answered Question
Nov 14th, 2013
User Badges:

  We are evaluating ISE and I have set up an admin account to use to login. Password policy is set to 60 days, however I have been getting Password reminder notices every day since the first week it was set up.  I've looked all over and I don't see where the reminder period is set. This is what I've been getting:


Password Expiration Reminder


The password for your local admin "adminxxxx" is expiring on Fri Dec 20 11:25:56 EST 2013. Please update immediately, by going to https://server.domain.local/admin, signing-in, and clicking on the user name at the upper right corner.




  Where can I configure this not to send unless the password is expiring in 10 days?

Correct Answer by Naresh Ginjupalli about 3 years 9 months ago

Hi Ashaw,


The Password Lifetime settings for sending an email reminder to administrators in Administration> System> Admin Access menu> Authentication > Password Policy 
is functioning the opposite of the way the web GUI for the field explains it does.

There is a defect filed for this issue and will be addressed in ISE 1.2.1 release.

The workaround for this issue is as follows:

Enter the number of days from password creation or change the option you would like to start receiving alerts in the web GUI.  
Use the password-expiration-warning line from the running configuration in the CLI to verify the correct number of days before expiration for email alerts to start being generated.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
aqjaved Thu, 11/14/2013 - 05:41
User Badges:
  • Bronze, 100 points or more

Reset ISE Web UI Password

The screenshot above shows other options that can be used with the “application” command. The web UI should now be accessible using the password that was just set.

Change the Password Lockout Policy

The default password policy says that admin accounts will be locked out if their passwords are not changed once every

45 days.

ISE Admin Lockout Policy

This can be adjusted in Administration, System, Admin Access. Expand the Settings folder and highlight Password Policy.

ISE Password Policy Screen

The admin Password Policy page location has changed in ISE 1.1.x! It’s now Administration > System > Admin Access > Authentication > Password Policy. More info at this cisco.com link.

ashaw216 Fri, 11/15/2013 - 07:18
User Badges:

I have checked the box on this screen and set to 7 days:


Send an email reminder to administrators

days prior to  password expiration (valid range 1 to 3650)



  However, it's over 30 days before the password expires and I'm still getting two notifications about my password expiring.

Correct Answer
Naresh Ginjupalli Tue, 11/19/2013 - 20:25
User Badges:
  • Cisco Employee,

Hi Ashaw,


The Password Lifetime settings for sending an email reminder to administrators in Administration> System> Admin Access menu> Authentication > Password Policy 
is functioning the opposite of the way the web GUI for the field explains it does.

There is a defect filed for this issue and will be addressed in ISE 1.2.1 release.

The workaround for this issue is as follows:

Enter the number of days from password creation or change the option you would like to start receiving alerts in the web GUI.  
Use the password-expiration-warning line from the running configuration in the CLI to verify the correct number of days before expiration for email alerts to start being generated.


Actions

This Discussion