07-29-2012 10:34 PM - edited 03-10-2019 07:21 PM
Hi Security Experts,
Is it possible to reset/recover ISE CLI password from ISE WebGUI? I am able to get into web gui of ISE, but not able to login to its CLI. So want to reset/recover ISE CLI password from its GUI.
PS: I rate useful posts.
Thanks,
Kashish
Solved! Go to Solution.
07-29-2012 10:40 PM
Hi,
You can only recover the cli password after rebooting the ise node from install DVD. There is no other method.
For reference - http://www.cisco.com/en/US/docs/security/ise/1.1.1/installation_guide/ise_postins.html#wp1194396
Sent from Cisco Technical Support iPad App
07-29-2012 11:15 PM
Yes that is correct, the admin credentials/polcies are stored in the application database which is shared amongst all the nodes in the deployment. However, the cli password and also the database passwords are kept local on each instance.
Deregistering and re-registering will not affect the cli credentials. I have also experienced issues with the PSN nodes changing randomly but I havent had a chance to open a TAC case on this, I just reboot the nodes against the iso and then set them again.
Thanks,
Tarik Admani
*Please rate helpful posts*
07-29-2012 10:40 PM
Hi,
You can only recover the cli password after rebooting the ise node from install DVD. There is no other method.
For reference - http://www.cisco.com/en/US/docs/security/ise/1.1.1/installation_guide/ise_postins.html#wp1194396
Sent from Cisco Technical Support iPad App
07-29-2012 10:49 PM
Hi Tarik,
Thanks for replying.
Here is what happened:
We have two admin ISE nodes (VMs) and two policy service nodes.
Everything (GUI and CLI) was fine for all the 4 nodes. I then changed the admin GUI password on primary admin ise node. I did NOT change password on any of the other three nodes. However, I can login to web gui of all the four nodes using the password that I changed. Is it because of the replication/sync amongst ise nodes?
Does the password sync happen only for web gui passwords and not for cli passwords? Will deregistering/registering the node help in getting its password back? I am positive that the password used to work before and problem happened only after I changed the web gui password of the admin node. I am not sure how the passwords are getting sync'd amongst different ise nodes.
Thanks,
Kashish
07-29-2012 11:15 PM
Yes that is correct, the admin credentials/polcies are stored in the application database which is shared amongst all the nodes in the deployment. However, the cli password and also the database passwords are kept local on each instance.
Deregistering and re-registering will not affect the cli credentials. I have also experienced issues with the PSN nodes changing randomly but I havent had a chance to open a TAC case on this, I just reboot the nodes against the iso and then set them again.
Thanks,
Tarik Admani
*Please rate helpful posts*
07-31-2012 08:03 PM
Tarik,
As per the CLI-admin password recovery procedure at
http://www.cisco.com/en/US/docs/security/ise/1.0/install_guide/ise10_postins.html#wp1179256
I have inserted DVD in the hardware appliance, but I don't see any prompt with these options:
"Welcome to Cisco Identity Services Engine - ISE 3355
To boot from hard disk press
Available boot options: "
I just see login prompt ( and of course, I cannot login because I don't know the password). I am using serial console connection to the appliance. Any idea on this?
07-31-2012 08:15 PM
Are you using putty?try using hyper terminal and see if the option displays correctly.
Sent from Cisco Technical Support iPad App
07-31-2012 08:21 PM
I used hyperterm as well. No luck
10-22-2012 02:15 AM
Hi Tarik,
I had successfully reset CLI admin password last time. Now three days back, this issue again happened and had to reset password again using DVD. Do you know if it is an existing bug? What are the triggers for the bug? we already encountered this issue twice in nearly 3-4 months and want to know what triggers it.
Thanks,
Kashish
08-08-2013 01:46 PM
Hello Guys,
I have the same problem here, but my admin/monitoring note are Vmware machines.
Whats the procedure of VMware environment?
Tks.
08-08-2013 01:56 PM
It's the same, except since it's virtualized you dont need a DVD. Use the .iso files that are available on cisco.com and mount that to the VMware CD drive. Reboot the VM and watch the console, the procedure is the same from there.
08-08-2013 02:03 PM
Tks!
08-08-2013 02:06 PM
What version of ISE do you have?
I haven't heard of any bugs like this, but I have heard of some customers with environments where there is an automated network scanner that attempts to log into any device with ssh available. ISE will lock out an account that has multiple authentication attempts against it.
08-08-2013 02:07 PM
Version: 1.1.2.145
10-21-2013 01:40 PM
I had successfully reset CLI admin password last time. Now three days back, this issue again happened and had to reset password again using DVD. Do you know if it is an existing bug? What are the triggers for the bug? we already encountered this issue twice in nearly 3-4 months and want to know what triggers it.
I've seen that at a customer too.
08-09-2013 03:46 PM
http://www.cisco.com/en/US/docs/security/ise/1.0/cli_ref_guide/ise10_cli_app_a.html#wp2259980
The steps are mention to reset the password.Best regards,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide