In our implementation of ISE we've faced the problem of local LDAP users getting their accounts disabled due to inactivity. The real issue here is that the period for an account to be disabled due to inactivity is 60 days and the ISE server disables many accounts each day randomly.
The software version is 220.127.116.118 with patch 4.
Did you make sure to uncheck:
Disable user account after days if password was not changed
That is on by default which burns many customers (along with the admin account 45 day disable).
I would open a TAC case and update us here. We're having all kinds of problems with local accounts being disabled. TAC was stumped; they passed it on to the BU. We're still actively troubleshooting. The case has been open for months. I'm curious if your symptoms are similar at all.
For us, the logs page displays the following message: "Account is suspended temporarily due to excessive failed authentication attempts : AdminName=admin"
However, when you click on the 'details' icon, the message changes to: "Administrator authentication failed. Account is disabled due to inactivity"
TAC for a while was not sure which condition we were hitting. They now feel that the account is being disabled due to failed attempts. There's an internal API that they believe is trying to authenticate with an incorrect password. We have not been able to determine the root cause yet.