- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-05-2020 06:15 AM
Please reply to my query it is very Urgent I have 6 ISE running as a distributed deployment like 2 PAN 2 PSN 2 MNT.
When I go to GUI Administrator>admin access> password policy I am not seeing the 45 days expiry. But when I type show run in ISE CLI it says password expiry is 45 days ... I tried initiating command # No password-expiry enabled, but it gave me an error saying please change password policy in GUI.
Please advise me what to do in GUI password lifetime is missing and in CLI it keep telling me to do it in GUI.
ISE Version 2.6 with patch 3.
Does ISE password expire in Distributed deployment?
Thanks
Priyesh
Solved! Go to Solution.
- Labels:
-
Identity Services Engine (ISE)
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2020 12:32 PM
This policy is replicated for you across all nodes in the deployment, set it once and done.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-05-2020 07:28 AM - edited 02-05-2020 07:50 AM
You can take a look at this page, the default expiry is 45 days across the deployment, and as indicated it is configured from the GUI.
https://<ise admin ip>/admin/#administration/administration_system/administration_system_rbac/adminAccess_authentication
Then click on the "password policy" tab and scroll down.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2020 11:59 AM
Thank you Damien, in my case chrome was not loading the full page of ISE because of that I was not seeing that 45 days option I tried in firefox and I was able to see the option.
I just unchecked 45 days in PAN primary None of the other nodes has any admin pannel since they are secondary so do I need to break deployment and repeat the process in each node Or will it Automatically synchronise with ISE primary PAN where I unchecked the option.
Also, Do I need to do anything in CLI regarding password expiry or GUI is inuff?
Please reply thank you.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2020 12:32 PM
This policy is replicated for you across all nodes in the deployment, set it once and done.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-10-2020 09:39 AM
Thank you very much.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-11-2024 09:12 PM
I have similar issue under the same deployment.
2 PAN 2 PSN 2 MNT
All health check is ok, ALL nodes working ok.
I have the 45-day expiration policy disabled in the PAN nodes.
Do you know if I have to do this in every node? I am asking because I cannot log into the PSNs only.
