cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
38013
Views
5
Helpful
11
Replies

Cisco ISE CLI and GUI password expire

mostafa.kamel
Level 1
Level 1

I had Cisco ISE version 1.1  i face a problem with the CLI and GUI password, as it expire and i can't login, i do the password reset using the ISE DVD,

i navigate to the ISE CLI, and do the following commands:

conf t

     password-policy

          no password-expiration-enable

and reset the GUI admin password, using the command:

     # application reset-passwd ise admin

from the ISE GUI i had remove the option for diable admin account after 45 days.

but after 60 days the password expire again.

so kindly advise what to check for this expire issue.

1 Accepted Solution

Accepted Solutions

Hi Mostafa,

Yes, the last reply was more towards GUI password-mgmt because in maority of cases it happens with UI admin account. I need to know if you've restarted the ISE after disabling the expiration from the CLI because what I read few weeks ago in an internal defect that password policy configurations are not preserved on cli after restart so just to check could you please check the current settings on CLI w/ the help of show run | in password-policy.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

View solution in original post

11 Replies 11

Jatin Katyal
Cisco Employee
Cisco Employee

I come across this issue few days ago. There has been an issue that after the account expires and is  re-enabled, and I think we have few options here:

1.] Uncheck the box "Disable user account after X days if password was not changed"

2.] change the default  value from 60 days to X days as per your requirement.

3.] Reset the user account password with in 60 days.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

Hi Jatin,

thanks for your reply.

i think your reply is related to the GUI admin password, but have you any idea why the CLI password expire even i disable the expiration from the CLI.

thanks and regards,

Mostafa

Hi Mostafa,

Yes, the last reply was more towards GUI password-mgmt because in maority of cases it happens with UI admin account. I need to know if you've restarted the ISE after disabling the expiration from the CLI because what I read few weeks ago in an internal defect that password policy configurations are not preserved on cli after restart so just to check could you please check the current settings on CLI w/ the help of show run | in password-policy.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

Hi Jatin,

thanks for your reply.

in fact the ISE has been restarted two times due to power shortage.

is there a version for the ISE that has this problem solved for the password policy configurations not preserved on the CLI.

thanks and regards,

Mostafa kamel

The defect also talks about sync issue between UI and CLI. That was the closest one I could find. The defect shows 1.2 will have a fix for it.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

thanks Jatin for your support and reply.

BR

Mostafa kamel

Your welcome:)

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

jkatyal   you post above really helped.  Thanks. 

Thanks RReichel :)
~Jatin

Hello everyone,

I can enter in ise server with GUI by used my username and password and can login as fine, But the CLI ssh i can't enter when i used my username and password, How can enable the account in cli?

Any help

THANKS

yavar.fallahi
Level 1
Level 1

Thank you for your solution, it worked! I have been lucky as I had separate SSH account to reset the GUI user.