07-22-2012 02:14 AM - edited 03-10-2019 07:19 PM
Hello ,
I have set 2 admin accounts on the ISE device , both which after a number of days get disabled for no reason , the error message received trying to login
is:
" Your account has been disabled after password expiration. Please contact your system administrator for assistance. "
Once i receive this message i am locked out of the ISE from access via the GUI , to overcome this issue so far i've used the "application reset-passwd ise username" command .
I am trying to understand , is this the proper behavior of the ISE ? if not whats the reason for this behavior ? can this be changed so the password
never expires ?
Thank you ,
07-22-2012 02:56 PM
Hi,
You can change this setting in Administration > Admin Access > Password Policy (by default the account is set to expire every 45 days).
Thanks,
Tarik Admani
*Please rate helpful posts*
07-23-2012 03:47 AM
Here is the link for additional settings - http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_man_identities.html#wp1113177
Thanks,
Tarik Admani
Sent from Cisco Technical Support iPad App
10-22-2012 02:50 AM
Tarik,
If I have to configure such that admin password never expires, then should I just uncheck the check box?
10-30-2012 06:29 PM
Yes, unchecking the box "Disable admin account after" will prevent admin accounts from expiring. However, as a good security practice you should change the admin password considering important ISE can be when it comes to network security. In the same screen you can configure ISE to send you a warning when the password is about to expire.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide