Hi Jatin,

jcaveen76 · ‎01-28-2016

Please could someone assist in my plight.

The other day we changed the expiry date on the ISE for the admin accounts.

This blocked the administration accounts, and we had to manually unblock the accounts for admin identities.

Is there a way we could stop this from blocking the accounts and having to reset the passwords.

Thank you

James Caveen

Jatin Katyal · ‎01-28-2016

Duplicate post

~Jatin

jcaveen76 · ‎01-28-2016

Thank you for the link Jatin.

Whats happening is that when we change the password lifetime, e.g 90 days, even though we set the notice to tell the user before the expiry to 14 days, it blocks/locks the admin accounts out immediately. This is before the user has tried to authenticate. We set the number of fails to 3, before locking the account out.

What we would like to do is set the password lifetime days, without it then blocking or locking out any of the admin accounts, straight after the change.

Cheers

James

Jatin Katyal · ‎01-28-2016

1. what code of ISE are you using?

2. Attach the screen shot of admin password policy.

I'll setup the same thing here and see if I can DUP the issue.

~ Jatin

~Jatin

jcaveen76 · ‎01-29-2016

Hi Jatin

We are using Version : 1.4.0.253 of ISE

I did the change last night around 10:30pm GMT, and it was ok an hour later.

This morning, we have found that if you haven't reset your password within the last day, the user accounts have been blocked.

I have included the policy in the attachment.

Cheers

Jatin Katyal · ‎01-31-2016

I configured the ISE node with the same settings yesterday and so far its working fine. Will keep you update. ~ Jatin

~Jatin

jcaveen76 · ‎02-10-2016

Hi Jatin,

How did it go with the Password access when the settings were changed?

Cheers

ISE Admin Accounts blocked after changing the password expiration date