11-14-2013 04:48 AM - edited 03-10-2019 09:06 PM
We are evaluating ISE and I have set up an admin account to use to login. Password policy is set to 60 days, however I have been getting Password reminder notices every day since the first week it was set up. I've looked all over and I don't see where the reminder period is set. This is what I've been getting:
Password Expiration Reminder
The password for your local admin "adminxxxx" is expiring on Fri Dec 20 11:25:56 EST 2013. Please update immediately, by going to https://server.domain.local/admin, signing-in, and clicking on the user name at the upper right corner.
Where can I configure this not to send unless the password is expiring in 10 days?
Solved! Go to Solution.
11-19-2013 08:25 PM
Hi Ashaw,
The Password Lifetime settings for sending an email reminder to administrators in Administration> System> Admin Access menu> Authentication > Password Policy
is functioning the opposite of the way the web GUI for the field explains it does.
There is a defect filed for this issue and will be addressed in ISE 1.2.1 release.
The workaround for this issue is as follows:Enter the number of days from password creation or change the option you would like to start receiving alerts in the web GUI.
Use the password-expiration-warning line from the running configuration in the CLI to verify the correct number of days before expiration for email alerts to start being generated.
11-14-2013 05:41 AM
Reset ISE Web UI Password
The screenshot above shows other options that can be used with the “application” command. The web UI should now be accessible using the password that was just set.
The default password policy says that admin accounts will be locked out if their passwords are not changed once every
45 days.
ISE Admin Lockout Policy
This can be adjusted in Administration, System, Admin Access. Expand the Settings folder and highlight Password Policy.
ISE Password Policy Screen
The admin Password Policy page location has changed in ISE 1.1.x! It’s now Administration > System > Admin Access > Authentication > Password Policy. More info at this cisco.com link.
11-15-2013 07:18 AM
I have checked the box on this screen and set to 7 days:
Send an email reminder to administrators
days prior to password expiration (valid range 1 to 3650)
However, it's over 30 days before the password expires and I'm still getting two notifications about my password expiring.
11-19-2013 08:25 PM
Hi Ashaw,
The Password Lifetime settings for sending an email reminder to administrators in Administration> System> Admin Access menu> Authentication > Password Policy
is functioning the opposite of the way the web GUI for the field explains it does.
There is a defect filed for this issue and will be addressed in ISE 1.2.1 release.
The workaround for this issue is as follows:Enter the number of days from password creation or change the option you would like to start receiving alerts in the web GUI.
Use the password-expiration-warning line from the running configuration in the CLI to verify the correct number of days before expiration for email alerts to start being generated.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: