Reset admin password in Cisco ISE in CLI (Vmware)


There will be occasions that you forget the admin password or you got locked out and the only option option left is to reset the admin password.Follow below steps to reset your password 

NOTE : Below steps were tried on ISE 1.3

Recommended : For safety I prefer to take a VM snapshot before proceeding.

To take a Snapshot in the vSphere Client

1. Right click on the  Virtual Machine and choose option  Snapshot > Take Snapshot.
2. Type a name for the snapshot.
3. Type a description for the snapshot.
Adding a date and time or a description, for example, "Snapshot before applying XYZ patch," can help you determine which snapshot to restore or delete.
4.Click OK

Revert to a Snapshot in the vSphere Client

1.Right-click a virtual machine in the vSphere Client inventory and select Revert to Current Snapshot.

Password Recovery for ISE virtual machine

Step 1. Download  the ISO file of the current ISE version form Cisco software download site and upload it to the virtual machine's datastore.
Step 2. Power off  the virtual machine.
Step 3. Right Click ISE VM from the list and select Edit settings.
Step 4. In the virtual Machine properties window, navigate to  Hardware > CD/DVD, then select option Datastore ISO file and click on browse to the ISE version ISO under datastore ISO file.
Step 5. Click Connect At Power On  option.
Step 6. Navigate to Options tab in the same virtual machine properties window> go to Boot options, enable the option for FORCE BIOS Setup [The next time the virtual machine boots,force entry to bios setup screen and Click Ok. [Or you can press F2 or F12 continously while booting]
Step 7. Power on the VM and open VM console.
Step 8. You get a BIOS prompt.
Step 9. Change the order of CD-ROM Drive to be before the hard drive. [You can change the setting using + or - keys] and hit F10 to save the settings 

Step 10. On the next screen you get the options, as shown in this image.
Step 11. Select Option 3. You are prompted on this screen.

Select Option 1 for username admin and enter new password.

After successful password reset. it redirects you to the prompt shown in Step 10
Step 12. Click Enter in order to boot the ISE from existing hard disk.
Step 13. (Optional). You can redo steps 6-8  in order to restore the boot order to the hard drive as first option after successful password recovery in order to avoid  entering the  admin password recovery prompt every time a user access ISE VM console.

Note:
While doing the password recovery once we faced a situation that we didnt see the option to in step 11 [Select Option 1 for username admin and enter new password.].We tried to reboot again and was not getting option to reset admin password.Instead of that it was asking to set a new username and password.Even you enter a new username and password ,ISE used to get stuck in the loading screen in VMconsole.We restored the VMsnapshot and did the steps as per the procedure and we were able to 

3 comments:

  1. I think this problem can be solved just changing admin password policy settings via GUI and truying again.

    ReplyDelete
    Replies
    1. As per my understanding CLI admin password cant be reset from FYI if we lost it

      Delete
  2. good explanation shabeer

    ReplyDelete