cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

444
Views
0
Helpful
9
Replies
Highlighted
Cisco Employee

ISE password lifecycle

Hello,

Customer has an evaluation of ISE in their network. They have had to update the GUI password twice (long eval) and have leveraged the command line to do so previously. This morning, they were notified that the GUI password expired but they couldn't leverage the CLI to reset, they were forced to download the ISO in order to recover.

ISE Password recovery mechanisms:

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200568-ISE-Password-Recovery-Mechanisms.html

They are confident they were typing in the correct password and have the following questions:

- Can they expect this behavior in production?

- Does the GUI password always expire every 45 days?

          - is there a configuration parameter to change that?

- What is the password life cycle for CLI password? Is it configurable?

- Other than fat fingering the password, is this expected behavior for evaluation systems?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

I would recommend they work through the tac if they don’t see the option

Maybe a browser inconsistency

There is no difference in code

Sent from my iPhone

View solution in original post

9 REPLIES 9
Highlighted
Cisco Employee

Disable this option:

Screen Shot 2018-03-27 at 1.06.54 PM.png

Highlighted

Thanks for the reply, but that field doesn't look it exists in the current version   cid:image002.png@01D3C5E9.233FEC40password for ISE admin.PNG

Highlighted

May be you need to use a different browser / machine. This page scrolls generally. After Password History, comes Password Lifetime option, where the Admin password expiry time can be changed.

~Hari

Highlighted

Could it be a hidden field in evaluations?

Cheers,

jb

Sent from my iPhone

Highlighted

Evaluation is just the license length of 90 days and is full featured

It’s the same software and menus

Highlighted

Thanks Jason.

If that’s the case, why don’t they see the option?

Cheers,

jb

Sent from my iPhone

Highlighted

I would recommend they work through the tac if they don’t see the option

Maybe a browser inconsistency

There is no difference in code

Sent from my iPhone

View solution in original post

Highlighted

This is an evaluation, no TAC support.

Why would a configuration parameter be missing in the first place?

This is the OVA they used for the trial, < ISE-2.3.0.298-virtual-eval.ova>

It’s version 2.3, could the parameter have been removed in this version?

Highlighted

Looking at the screenshot comparing to what hari and you have, it looks like they didn't scroll down far enough as its below password history

Content for Community-Ad