We are evaluating ISE and I have set up an admin account to use to login. Password policy is set to 60 days, however I have been getting Password reminder notices every day since the first week it was set up. I've looked all over and I don't see where the reminder period is set. This is what I've been getting:
Password Expiration Reminder
The password for your local admin "adminxxxx" is expiring on Fri Dec 20 11:25:56 EST 2013. Please update immediately, by going to https://server.domain.local/admin, signing-in, and clicking on the user name at the upper right corner.
Where can I configure this not to send unless the password is expiring in 10 days?
The Password Lifetime settings for sending an email reminder to administrators in Administration> System> Admin Access menu> Authentication > Password Policy
is functioning the opposite of the way the web GUI for the field explains it does.
There is a defect filed for this issue and will be addressed in ISE 1.2.1 release.
The workaround for this issue is as follows:Enter the number of days from password creation or change the option you would like to start receiving alerts in the web GUI.
Use the password-expiration-warning line from the running configuration in the CLI to verify the correct number of days before expiration for email alerts to start being generated.