Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2650
Views
5
Helpful
6
Replies

Cisco ISE disabled all internal Network users

rakeshvelagala
Level 3
Level 3

‎05-25-2014 06:46 PM - edited ‎03-10-2019 09:44 PM

Hi All,

 

Somehow, this morning when we checked on the ISE, all the IP phone users along with the internal users are disabled. We have disabled the password policy to disable the accounts if password is not changed. Our version is 1.2 and no patches. Can anyone please advise on this.

Wireless authentication for users against AD is ok.

 

Thanks

 

 

3 people had this problem
Labels:
0 Helpful
6 Replies 6

Saurav Lodh
Level 7
Level 7

‎05-26-2014 01:31 AM

Requiring Guests to Change Password

You can allow or require guest users to change their password after their initial account credentials are created by the sponsor. If guest users change their passwords, sponsors cannot provide guests with their login credentials if they are lost. The sponsor must create a new guest account.

You can either allow guests to change their passwords, or you can require that they do it at expiration and at first login. To require internal users using a guest portal to change their password upon their next login, choose Administration > Identity Management > Identities > Users . Select the specific internal user from the Network Access Users list and enable the change password check box.

Before You Begin

Create a Guest portal or modify the DefaultGuestPortal. This setting is specific to each Guest portal.

Step 1 Choose Administration > Web Portal Management > Settings > Guest > Multi-Portal Configuration.

Step 2 Check the Guest portal to update and click Edit .

Step 3 Click the Operations tab.

Step 4 Check either or both options:

    • Allow guest users to change password
    • Require guest users to change password at expiration and first login

Step 5 Click Save .

 

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_guest_pol.html#pgfId-1462385

0 Helpful

Venkatesh Attuluri
Cisco Employee
Cisco Employee

‎06-04-2014 10:05 AM

Is this fresh installation or migration

0 Helpful

Muhammad Munir
Level 5
Level 5

‎06-11-2014 07:48 AM

  • The administrator may not have changed the AD password on after joining the Cisco ISE node to the AD domain.
  • The account used to join Cisco ISE to the Active Directory domain may have an expired password.
  • Change the account password that was used to join the AD domain after adding Cisco ISE to Active Directory.
0 Helpful

rakeshvelagala
Level 3
Level 3

‎06-11-2014 08:17 AM

Hi All,

 

When I checked there is a 60 days lock out policy which is enabled. But the strange thing is, I have created the users for less than 60 days. I have disabled the option. I have to see if this happens again!

 

Thanks for all your timely reply.

theonetruekevin
Level 1
Level 1
In response to rakeshvelagala

‎03-24-2015 04:17 AM

Thanks for posting this. I was having the same issue. 

0 Helpful

joaos
Level 1
Level 1
In response to rakeshvelagala

‎11-21-2017 03:43 AM

Can you confirm if disabling the "60 day option" solved your problem?

I am having the same issue regarding some sponsor users who keep getting disabled and was trying to confirm if this is a valid resolution.

Thanks

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents