cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

705
Views
0
Helpful
1
Replies
Andreas Hoffmann
Beginner

Sponsor accounts become disabled for no apparent reason

We use three different sponsor accounts to manage guest logons on ISE. These work fine a few times but the accounts become disabled after a short period of time. We don't know when and how often this happens, but virtually every time one of the sponsors attempts to login to the sponsor portal they are denied access with the message "user disabled". When we check in the administration portal, indeed all three sponsor accounts are disabled. We enable all three accounts and everything works again - for a while.

We have no idea when (not to mention: why) the accounts become disabled. There seem to be no alarms or warnings generated. What can be done?

1 ACCEPTED SOLUTION

Accepted Solutions
Charlie Moreton
Cisco Employee

Andreas,

This may be a simple password policy that is a default on the ISE.

Check by going to:  Administration > Identity Management > Settings

Choose User Password Policy from the menu on the left.

Look under Password Lifetime.  If "Disable user account after 60 days if password was not changed" is checked, then this is your issue.

I have attached a screenshot of the page and note that mine is checked (only for illustration purposes).

Please Rate helpful posts and mark this question as answered if, in fact, this does andswer your question.

Charles Moreton

View solution in original post

1 REPLY 1
Charlie Moreton
Cisco Employee

Andreas,

This may be a simple password policy that is a default on the ISE.

Check by going to:  Administration > Identity Management > Settings

Choose User Password Policy from the menu on the left.

Look under Password Lifetime.  If "Disable user account after 60 days if password was not changed" is checked, then this is your issue.

I have attached a screenshot of the page and note that mine is checked (only for illustration purposes).

Please Rate helpful posts and mark this question as answered if, in fact, this does andswer your question.

Charles Moreton

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars


Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube