cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3398
Views
0
Helpful
3
Replies

ISE password reminder email

ashaw216
Level 1
Level 1

  We are evaluating ISE and I have set up an admin account to use to login. Password policy is set to 60 days, however I have been getting Password reminder notices every day since the first week it was set up.  I've looked all over and I don't see where the reminder period is set. This is what I've been getting:

Password Expiration Reminder

The password for your local admin "adminxxxx" is expiring on Fri Dec 20 11:25:56 EST 2013. Please update immediately, by going to https://server.domain.local/admin, signing-in, and clicking on the user name at the upper right corner.

  Where can I configure this not to send unless the password is expiring in 10 days?

1 Accepted Solution

Accepted Solutions

Naresh Ginjupalli
Cisco Employee
Cisco Employee

Hi Ashaw,

The Password Lifetime settings for sending an email reminder to administrators in Administration> System> Admin Access menu> Authentication > Password Policy 
is functioning the opposite of the way the web GUI for the field explains it does.

There is a defect filed for this issue and will be addressed in ISE 1.2.1 release.

The workaround for this issue is as follows:

Enter the number of days from password creation or change the option you would like to start receiving alerts in the web GUI.  
Use the password-expiration-warning line from the running configuration in the CLI to verify the correct number of days before expiration for email alerts to start being generated.


View solution in original post

3 Replies 3

aqjaved
Level 3
Level 3

Reset ISE Web UI Password

The screenshot above shows other options that can be used with the “application” command. The web UI should now be accessible using the password that was just set.

Change the Password Lockout Policy

The default password policy says that admin accounts will be locked out if their passwords are not changed once every

45 days.

ISE Admin Lockout Policy

This can be adjusted in Administration, System, Admin Access. Expand the Settings folder and highlight Password Policy.

ISE Password Policy Screen

The admin Password Policy page location has changed in ISE 1.1.x! It’s now Administration > System > Admin Access > Authentication > Password Policy. More info at this cisco.com link.

I have checked the box on this screen and set to 7 days:

Send an email reminder to administrators

days prior to  password expiration (valid range 1 to 3650)

  However, it's over 30 days before the password expires and I'm still getting two notifications about my password expiring.

Naresh Ginjupalli
Cisco Employee
Cisco Employee

Hi Ashaw,

The Password Lifetime settings for sending an email reminder to administrators in Administration> System> Admin Access menu> Authentication > Password Policy 
is functioning the opposite of the way the web GUI for the field explains it does.

There is a defect filed for this issue and will be addressed in ISE 1.2.1 release.

The workaround for this issue is as follows:

Enter the number of days from password creation or change the option you would like to start receiving alerts in the web GUI.  
Use the password-expiration-warning line from the running configuration in the CLI to verify the correct number of days before expiration for email alerts to start being generated.


Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: