10-08-2018 01:34 AM
Greetings,
In our implementation of ISE we've faced the problem of local LDAP users getting their accounts disabled due to inactivity, the real issue here is that the period for an account to be disabled due to inactivity is 60 days and the ISE server disables many accounts each day randomly.
The software version is 2.3.0.298 with patch 4.
Solved! Go to Solution.
10-23-2018 05:11 AM
It's the following bug CSCvm88149
10-08-2018 04:30 AM
Are you referring to the account disable policy under: Administration > System > Admin Access > Authentication > Account Disable Policy ?
10-08-2018 05:17 AM - edited 10-08-2018 05:43 AM
No, It's under Administration -> Setting -> User Authentication Settings -> Account Disable Policy. It's been set to 60 days.
10-08-2018 05:58 AM
Did you make sure to uncheck:
Disable user account after days if password was not changed
That is on by default which burns many customers (along with the admin account 45 day disable).
10-08-2018 06:15 AM
It's unchecked.
10-08-2018 06:23 AM
I would open a tac case and update us here. We're having all kinds of problems with local accounts being disabled. TAC was stumped, they passed it onto the BU. We're still actively troubleshooting. Case has been open for months. I'm curious if your symptoms are similar at all.
For us, the logs page displays the following message: "Account is suspended temporarily due to excessive failed authentication attempts : AdminName=admin"
However, when you click on the 'details' icon, the message changes to: "Administrator authentication failed. Account is disabled due to inactivity"
TAC for a while was not sure which condition we were hitting. they now feel that the account is being disabled due to Failed attempts. There's an internal API that they believe is trying to authenticate with an incorrect password. We have not been able to determine the root cause yet.
10-10-2018 01:17 AM
Will do.
10-23-2018 05:11 AM
It's the following bug CSCvm88149
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: