cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
501
Views
0
Helpful
6
Replies

ISE Admin Accounts blocked after changing the password expiration date

jcaveen76
Level 1
Level 1

Please could someone assist in my plight.

The other day we changed the expiry date on the ISE for the admin accounts.

This blocked the administration accounts, and we had to manually unblock the accounts for admin identities. 

Is there a way we could stop this from blocking the accounts and having to reset the passwords.

Thank you

James Caveen

6 Replies 6

Jatin Katyal
Cisco Employee
Cisco Employee

Thank you for the link Jatin.

Whats happening is that when we change the password lifetime, e.g 90 days, even though we set the notice to tell the user before the expiry to 14 days, it blocks/locks the admin accounts out immediately.  This is before the user has tried to authenticate. We set the number of fails to 3, before locking the account out.

What we would like to do is set the password lifetime days, without it then blocking or locking out any of the admin accounts, straight after the change.

Cheers 

James 

1. what code of ISE are you using?

2. Attach the screen shot of admin password policy.

I'll setup the same thing here and see if I can DUP the issue.

~ Jatin

~Jatin

Hi Jatin

We are using Version : 1.4.0.253 of ISE

I did the change last night around 10:30pm GMT, and it was ok an hour later.

This morning, we have found that if you haven't reset your password within the last day, the user accounts have been blocked.

I have included the policy in the attachment.

Cheers

I configured the ISE node with the same settings yesterday and so far its working fine. Will keep you update. ~ Jatin

~Jatin

Hi Jatin,

How did it go with the Password access when the settings were changed?

Cheers