I always forget the command-line interface (CLI) and graphical user interface (GUI) passwords for my Cisco Identity Services Engine (ISE), and I have Googled many times how to change these two. Resetting the GUI password requires CLI access; therefore, resetting the CLI password comes first if both are inaccessible.
Reset CLI Password
In order to change the CLI password, the password recovery tool in the ISO image needs to be used. There are some necessary steps to launch this tool. Those steps include the following.
- Mount ISE ISO file
- Change boot option in basic input/output system (BIOS)
- Power on VM
- Unmount ISO file
- Reload
1. Mount ISE ISO file
Add the CD/DVD Drive by right-clicking the VM and choosing “Edit Settings…”, and select “ADD NEW DEVICE”. I have pre-uploaded the ISE ISO image in the datastore of vCenter Server, and choosing “Datastore ISO file” allows us to select that file.
2. Change boot option in basic input/output system (BIOS)
Enable “Force BIOS setup” in VM Options to change the boot sequence for the VM to boot from the mounted ISO file.
3. Power on VM
After powering on the VM, it will launch system utilities from the ISO. Enter 1 for the following menu.
Enter 1 and change the password of the admin following the prompt.
After changing the admin password, the screen will change back to the system utilities menu. Don’t restart the VM by entering [q] just yet; unmounting the ISO file comes first.
![Ise password recovery Ise password recovery](/uploads/1/2/8/0/128006780/384958054.jpg)
4. Unmount ISO file
Follow the same procedure as in step 1, and unmount the ISO file by removing the CD/DVD drive or unticking the connected box.
5. Reload
Finally, reload the VM by entering [q] in the system utilities, and log in with the username admin and the new password.
Reset GUI Password
Once you have access to the CLI, run the command below to change the GUI password.
In my case, the username equals admin.
In addition, the password for ISE GUI admin expires in 45 days by default. For lab environments, this becomes a pain in the neck. Go to Administration > System > Admin Access > Password Policy to change the default password expiration configuration. I have disabled all policies for the ease of labbing.
It’s a scenario I’ve seen pretty often. You try to log into the CLI of an ISE node (SSH or console) with the admin account and the login fails. You verify that the password is correct. The problem is that you’ve been locked out due to too many failed logins. Unfortunately, the only solution you have is to reboot the node using an installation ISO and go through a password recovery. It’s not a difficult process but it does require downtime for that node.
I have seen this more often than not caused by security scanners. Businesses like to test their systems for vulnerabilities. The ISE node isn’t excluded from the scan and a brute force attempt is made by the scanner to log into the node using an SSH session. This causes the CLI admin account to become locked. If they had utilized a second (or even third) CLI admin account, they could have logged in and reset the default admin account.
The process for adding additional CLI logins is simple. Log into the ISE node CLI and run the following commands:
It’s important to add role admin to the end. If you put role user, the account you create will have restricted access to CLI commands (i.e., no configuration commands). Be sure to test your new user account before you actually need it.
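As an added example, not part of the original post: an ISE CLI session covering the GUI password reset and the additional CLI administrator described above. The hostname `ise`, the account name `admin2` and the `<new-password>` placeholder are assumptions; lines starting with `!` are annotations, not commands.

```console
! Hostname "ise", account "admin2" and <new-password> are placeholders.

! Reset the GUI (web) admin password from the CLI. The command
! prompts for the new password and a confirmation.
ise/admin# application reset-passwd ise admin

! Create a second CLI administrator so that a lockout of "admin"
! does not force an ISO-based recovery and node downtime.
! "role admin" at the end gives the account configuration commands.
ise/admin# configure terminal
ise/admin(config)# username admin2 password plain <new-password> role admin
ise/admin(config)# end
ise/admin# write memory

! Later, logged in as admin2, reset the default admin account
! with the same username command.
ise/admin2# configure terminal
ise/admin2(config)# username admin password plain <new-password> role admin
ise/admin2(config)# end
ise/admin2# write memory
```

Log in once over SSH with the second account right after creating it, so a typo in the password or role is found before the account is needed.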