ISE - GUI login - error " your account has been disabled"

vvvnnnzzz · ‎07-22-2012

Hello ,

I have set 2 admin accounts on the ISE device , both which after a number of days get disabled for no reason , the error message received trying to login

is:

" Your account has been disabled after password expiration. Please contact your system administrator for assistance. "

Once i receive this message i am locked out of the ISE from access via the GUI , to overcome this issue so far i've used the "application reset-passwd ise username" command .

I am trying to understand , is this the proper behavior of the ISE ? if not whats the reason for this behavior ? can this be changed so the password

never expires ?

Thank you ,

Tarik Admani · ‎07-22-2012

Hi,

You can change this setting in Administration > Admin Access > Password Policy (by default the account is set to expire every 45 days).

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani · ‎07-23-2012

Here is the link for additional settings - http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_man_identities.html#wp1113177

Thanks,

Tarik Admani

Sent from Cisco Technical Support iPad App

Kashish_Patel · ‎10-22-2012

Tarik,

If I have to configure such that admin password never expires, then should I just uncheck the check box?

nspasov · ‎10-30-2012

Yes, unchecking the box "Disable admin account after" will prevent admin accounts from expiring. However, as a good security practice you should change the admin password considering important ISE can be when it comes to network security. In the same screen you can configure ISE to send you a warning when the password is about to expire.