06-20-2018 06:42 AM - edited 02-21-2020 10:58 AM
My web "admin" for my ISE deployment has expired. I did some searching and found a way to reset the password via CLI. Through the command line, I issued the following command: "application reset-passwd ise admin". I received a prompt for the new password and then the confirmation password prompt. After the confirmation password, I received the following error: "Error! Password reset is only possible from STANDALONE or PRIMARY nodes." Now, we have a pretty simple deployment. It's a standalone deployment of 2.4 done as a virtual appliance. So the error doesn't make complete sense to me. Am I doing something wrong? How do I get the admin back to working status? Any help is much appreciated.
11-29-2018 11:52 AM
Looks like a bug with ISE version 2.4. I am running into the same issue on version 2.4:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj14636/?rfs=iqvred
Workaround: reload the PAN and then application reset-passwd ise command will work.
06-20-2018 10:34 AM
It does not make sense. Did you try to reboot the VM running ISE Primary PAN using your VMware access and try again?
06-21-2018 03:31 PM
If Abraham's suggestion doesn't work, then the last resort is to boot that VM from the ISE 2.4 .iso and choose option 4 to reset the admin password (this is the password recovery option used when you're in dire straits).
08-14-2018 11:36 AM
I'm facing the same issue...
But option 4 from the recovery image is only for the CLI admin...
Welcome to Cisco Identity Services Engine - ISE 3355
08-14-2018 11:38 AM - edited 08-14-2018 11:40 AM
I'm trying too...
/admin# application reset-passwd ise admin
Enter new password:
Confirm new password:
Error! Password reset is only possible from STANDALONE or PRIMARY nodes.
The node was deregistered and I need to register it again, but the admin password expired.
I also rebooted two times and nothing... I'm thinking of resetting the ISE config.
But I don't know if it keeps the certificates already deployed.
08-14-2018 12:23 PM
As you said it is de-registered from the current deployment, so I am expecting that it should be displayed as STANDALONE.
Can you check in "show tech-support" and verify the node role as follows?
*****************************************
Displaying ISE deployment ...
*****************************************
Node Config Details
NAME                PERSONA         ROLE       ACTIVE     REPLICATION
------------------- --------------- ---------- ---------- ---------------
ISE-1               PAN,PSN         PRIMARY    NONE       Not Applicable
ISE-2               MNT             SECONDARY  STANDBY    SYNC COMPLETED
08-14-2018 12:35 PM
That's my output from show tech
*****************************************
Displaying ISE deployment ...
*****************************************
Node Config Details
NAME                PERSONA         ROLE       ACTIVE     REPLICATION
------------------- --------------- ---------- ---------- ---------------
ISE01               PAN,MNT,PSN     PRIMARY    ACTIVE     Not Applicable
ISE02               PAN,MNT,PSN     SECONDARY  STANDBY    SYNC COMPLETED
08-14-2018 01:21 PM
So did you issue the command
application reset-passwd ise admin
from ISE01? This is the Active PAN. If ISE tells you that it's not the ACTIVE PAN then you probably need to ask the TAC.
I suggested booting from .iso to set the ISE CLI admin password (but I misread your original issue) - sorry for that. If you have the cli admin password for both nodes then no need to perform the password recovery I suggested.
11-14-2019 12:43 AM
Hi,
The reload option worked for me. I did a reload of ISE from the CLI, and then application reset-passwd ise worked.
Thanks,