Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2559
Views
2
Helpful
2
Replies

How to change a secondary node GUI admin password using CLI

Go to solution
behzad bayat
Level 1
Level 1

‎11-03-2023 11:55 PM

I have a Cisco ISE cluster. The primary node is no longer available, and I cannot access the GUI for the secondary node because the password has expired. However, I have access to the CLI for the secondary node. How can I change the password policy for the secondary node? I've attempted this but it didn't allow me to proceed and instead prompted me to do this via the primary node, which is no longer available. I tried to change the password via "application reset-passwd ise admin," but it didn't allow me to do so. 

1.png

2.png

How can I change the GUI password for the secondary node when the primary node is no longer available?

TNX

 

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
thomas
Cisco Employee
Cisco Employee

‎11-06-2023 03:45 PM

aIf you cannot reset the ISE admin password without the PAN which you do not have then the only other option is to make this node a Standalone node with application reset-config ise. However, before doing that,  you should just rebuild your original ISE PAN - hopefully you have a backup! - then re-join the Secondary and PSNs to your new Primary.

You may want to call TAC and see if they have any additional tricks but I suspect you have really backed yourself into a corner without any alternate or unexpired administrator logins.

View solution in original post

2 Replies 2

Go to solution
Gopinath_Pigili
Spotlight
Spotlight

‎11-04-2023 01:30 AM

In Cisco ISE the WebGUI and CLI admin accounts/passwords are separate. In order to change the passwords you can use the following methods:

  • The CLI Admin password can be changed from the CLI by entering the command password. The CLI password is unique to each ISE node
  • The WebGUI password can be changed from the CLI by entering the command application reset-passwd ise admin. The WebGUI password must be reset on the Primary PAN, this password is then synchronised to all ISE nodes.
  • Alternatively you can reset the WebGUI (not CLI) password within the WebGUI itself. Navigate to Administration > System > Admin Access > Administrators > Admin Users

Best regards
******* If This Helps, Please Rate *******

Go to solution
thomas
Cisco Employee
Cisco Employee

‎11-06-2023 03:45 PM

aIf you cannot reset the ISE admin password without the PAN which you do not have then the only other option is to make this node a Standalone node with application reset-config ise. However, before doing that,  you should just rebuild your original ISE PAN - hopefully you have a backup! - then re-join the Secondary and PSNs to your new Primary.

You may want to call TAC and see if they have any additional tricks but I suspect you have really backed yourself into a corner without any alternate or unexpired administrator logins.

Customers Also Viewed These Support Documents