Cisco Ise Password Is Expired Please Reset Your Admin Password

16-04-2021
 |  [RAND-100] - Comments



Cisco

  1. Password Reset Cisco Switch
  2. Reset Cisco Router Password

Cisco Identity Services Engine (ISE) has by default one single user for accessing GUI: admin (default password: ‘default’). Many accounts can be created from GUI and different accounts can have different roles/rights. Besides from that, there is an admin-account in CLI as well. It it important to note that this is NOT the same account even though both usernames are ‘admin’. The CLI admin-password is specified during setup, and the GUI admin-password is changed at first GUI-login.

So, what happens when the admin (or any other) password is lost? In the early versions of ISE 1.0 there was no way to recover the GUI-password but since version 1.04 (see release-notes) there is a CLI-command to reset the password of any GUI user. The command is ‘application reset-passwd ise <username>’:
Reset GUI admin-password from CLI

And reset the GUI admin password, using the command: # application reset-passwd ise admin from the ISE GUI i had remove the option for diable admin account after 45 days. But after 60 days the password expire again. In this demonstration, I will show you how to change the Admin password when an administrator has locked themselves out.

Now, what if we loose the password for the CLI-admin? Well, there is a solution for that too. First of all we need console access to ISE. If it is a VM we need to get into the Vsphere Client and if it is an appliance we need to walk to the server room and connect a VGA-monitor and keyboard to the box. Second, this cannot be solved without rebooting the box (which of course breaks any services depending upon the ISE-instance). By booting from the installation media (DVD or .iso image). From there, there is an option to reset the CLI admin-user…

Rest CLI admin-password by rebooting ISE


Default password policy

Password Reset Cisco Switch

Note that there is a default setting in ISE password policy that require the admin-user (GUI-user!) login every now and then and change its password to prevent the account from being locked out. I am curious about why this setting is enabled by default…

Reset Cisco Router Password

Tagged with: CLI, console, ISE, password, recovery
Posted in Cisco Security