×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

How to Reset CLI and Database passwords (admin\user) in ISE

Document

Thu, 06/01/2017 - 12:12
May 31st, 2013
User Badges:
  • Cisco Employee,


 

Introduction

ISE uses two database accounts. One is the admin account, and the  second is the user account. In case you'd like to reset or change it later in your deployment, you can reset them from the standard ISE CLI  with the following commands

Database accounts

application reset-passwd ise internal-database-admin
application reset-passwd ise internal-database-user

Note:  If  you reset the internal database user password,  Cisco ISE prompts you to  restart the application. The internal  database user password is reset  after you restart the Cisco ISE  application.

User Interface

ISE uses a different account to allow user to access User Interface (UI). This can also be reset with the help of standard CLI command.

# application reset-passwd application-name administrator-ID

!--application reset-passwd ise admin

application reset-passwd (Command Reference Guide)

Command Line Interface (CLI) 

For accessing Command Line Interface (CLI) of ISE, we need a different admin account. If no one is able to log into the Cisco ISE system because the administrator password has been lost, forgotten, or compromised, we can only use the Recovery DVD to reset the ISE CLI admin password.

Resetting the Administrator Password for a Cisco ISE Appliance

 

Scenario 2:

Problem:

Using ISE 1.2 and setting up a new Radius Server Sequence, I am unable to use IETF Radius attribute 88 (Framed-Pool) as it is not displayed in the Radius IETF Dictionary.

Is there a reason for this? Most other IETF attributes are available, I am curious as to why this one is missing images frame 0 and 2?

 

Solution:

Refer to link mentioned below:

 

Hope this helps.

Loading.
Mountain Man Tue, 02/04/2014 - 08:56
User Badges:

Thanks for the info. Question: does ISE lock up users if the login excceded the max times setting?  I can login to the secondary, but primay ssh give me: Permission denied (publickey,password). Any idea?


Thanks,

Jatin Katyal Tue, 02/04/2014 - 09:11
User Badges:
  • Cisco Employee,
CLI admin users, by default, will be locked if failed passwords for more than 5 times due to the password policy.

password-policy

  lower-case-required

  upper-case-required

  digit-required

  no-username

  disable-cisco-passwords

  min-password-length 6

  password-lock-enabled

  password-lock-retry-count 5



If you want to disable the password-policy on CLI, please run the following commands on the CLI.

conf t

     password-policy

          no password-expiration-enable

Mountain Man Tue, 02/04/2014 - 09:18
User Badges:

Thanks for the prompt answering


Unfortunately, I cannot get in to the primary CLI anymore.  I guess I have to use the DVD way to do that?

Jatin Katyal Thu, 02/06/2014 - 22:38
User Badges:
  • Cisco Employee,

Yes, you're right. In order to acess the box via CLI, the only way is to boot it using ISO image to recover the admin credentials.

Oliver Borer Wed, 05/31/2017 - 13:52
User Badges:

Dear Jatin

I have the problem that the password recovery by using the ISO image does not work. I am able to set the new password but after I did that I cannot login with the password set.

It is a VM installation (ise-2.2.0.470.SPA.x86_64.iso). Do you have any idea what the reason could be?

Thanks a lot and best regards

Oliver

Mountain Man Thu, 06/01/2017 - 12:05
User Badges:

Oliver,

Just in case if you confused the CLI pass with GUI pass. They are different. GUI admin credential does not work on CLI.   I remember I resolve the CLI login issue by reboot the primary.  Sounds this might not apply to you.  Have a good luck!


MM

Oliver Borer Thu, 06/01/2017 - 12:12
User Badges:

Dear Mountain Man

Thanks for your feedback. Yes I know. Be carefully with ISE 2.2. It is a bug:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve27812/?referring_site...

And there is no workaround. I had to reinstall the ISE-Server. In ISE 2.2 the cli password of the admin user will be locked after 3 failing attemps. And if you cannot reset the admin password you are lost. With the admin GUI user you cannot reactivate the cli admin user. Its a security device so secure password policies.

Best Regards

Oliver

Actions

This Document

Related Content