Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4858
Views
10
Helpful
7
Replies

ISE user account disabled before expiration date

Go to solution
omera
Level 1
Level 1

‎10-08-2018 01:34 AM

Greetings,

 

In our implementation of ISE we've faced the problem of local LDAP users getting their accounts disabled due to inactivity, the real issue here is that the period for an account to be disabled due to inactivity is 60 days and the ISE server disables many accounts each day randomly.

The software version is 2.3.0.298 with patch 4.

 

 

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
omera
Level 1
Level 1
In response to anthonylofreso

‎10-23-2018 05:11 AM

It's the following bug CSCvm88149 

View solution in original post

0 Helpful
7 Replies 7

Go to solution
anthonylofreso
Level 4
Level 4

‎10-08-2018 04:30 AM

Are you referring to the account disable policy under: Administration > System > Admin Access > Authentication > Account Disable Policy ?

0 Helpful

Go to solution
omera
Level 1
Level 1
In response to anthonylofreso

‎10-08-2018 05:17 AM - edited ‎10-08-2018 05:43 AM

No, It's under Administration -> Setting -> User Authentication Settings -> Account Disable Policy. It's been set to 60 days.

0 Helpful

Go to solution
paul
Level 10
Level 10
In response to omera

‎10-08-2018 05:58 AM

Did you make sure to uncheck:

 

Disable user account after  days if password was not changed

 

That is on by default which burns many customers (along with the admin account 45 day disable).

 

 

0 Helpful

Go to solution
omera
Level 1
Level 1
In response to paul

‎10-08-2018 06:15 AM

It's unchecked.

0 Helpful

Go to solution
anthonylofreso
Level 4
Level 4
In response to omera

‎10-08-2018 06:23 AM

I would open a tac case and update us here. We're having all kinds of problems with local accounts being disabled. TAC was stumped, they passed it onto the BU. We're still actively troubleshooting. Case has been open for months. I'm curious if your symptoms are similar at all.

For us, the logs page displays the following message: "Account is suspended temporarily due to excessive failed authentication attempts : AdminName=admin"

However, when you click on the 'details' icon, the message changes to: "Administrator authentication failed. Account is disabled due to inactivity"

TAC for a while was not sure which condition we were hitting. they now feel that the account is being disabled due to Failed attempts. There's an internal API that they believe is trying to authenticate with an incorrect password. We have not been able to determine the root cause yet.

Go to solution
omera
Level 1
Level 1
In response to anthonylofreso

‎10-10-2018 01:17 AM

Will do.

0 Helpful

Go to solution
omera
Level 1
Level 1
In response to anthonylofreso

‎10-23-2018 05:11 AM

It's the following bug CSCvm88149 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents