cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

2508
Views
10
Helpful
7
Replies
omera
Beginner

ISE user account disabled before expiration date

Greetings,

 

In our implementation of ISE we've faced the problem of local LDAP users getting their accounts disabled due to inactivity, the real issue here is that the period for an account to be disabled due to inactivity is 60 days and the ISE server disables many accounts each day randomly.

The software version is 2.3.0.298 with patch 4.

 

 

1 ACCEPTED SOLUTION

Accepted Solutions

It's the following bug CSCvm88149 

View solution in original post

7 REPLIES 7
anthonylofreso
Enthusiast

Are you referring to the account disable policy under: Administration > System > Admin Access > Authentication > Account Disable Policy ?

No, It's under Administration -> Setting -> User Authentication Settings -> Account Disable Policy. It's been set to 60 days.

Did you make sure to uncheck:

 

Disable user account after  days if password was not changed

 

That is on by default which burns many customers (along with the admin account 45 day disable).

 

 

It's unchecked.

I would open a tac case and update us here. We're having all kinds of problems with local accounts being disabled. TAC was stumped, they passed it onto the BU. We're still actively troubleshooting. Case has been open for months. I'm curious if your symptoms are similar at all.

For us, the logs page displays the following message: "Account is suspended temporarily due to excessive failed authentication attempts : AdminName=admin"

However, when you click on the 'details' icon, the message changes to: "Administrator authentication failed. Account is disabled due to inactivity"

TAC for a while was not sure which condition we were hitting. they now feel that the account is being disabled due to Failed attempts. There's an internal API that they believe is trying to authenticate with an incorrect password. We have not been able to determine the root cause yet.

Will do.

It's the following bug CSCvm88149 

View solution in original post

Content for Community-Ad