How to Reset Cisco ISE VM’s CLI GUI Password

I always forget my Cisco Identity Service Engine’s (ISE) command-line interface (CLI) and graphical user interface (GUI) password and have Googled many times how to change these two. Resetting the GUI password requires CLI access; therefore, resetting the CLI password comes first if both are inaccessible.

Reset CLI Password

In order to change the CLI password, the password recovery tool in the ISO image needs to be used. There are some necessary steps to launch this tool. Those steps include the following.

  1. Mount ISE ISO file
  2. Change boot option in basic input/output system (BIOS)
  3. Power on VM
  4. Unmount ISO file
  5. Reload

1. Mount ISE ISO file

Add the CD/DVD Drive by right-clicking the VM and choosing “Edit Settings…”, and select “ADD NEW DEVICE”. I have pre-uploaded the ISE ISO image in the datastore of vCenter Server, and choosing “Datastore ISO file” allows us to select that file.

vm_mount_ise_iso.gif

2. Change boot option in basic input/output system (BIOS)

Enable “Force BIOS setup” in VM Options to change the boot sequence for the VM to boot from the mounted ISO file.

vm_force_bios.gif

3. Power on VM

ise_cli_password_recovery_tool.gif

After powering on the VM, it will launch system utilities from the ISO. Enter 1 for the following menu.

Available System Utilities:

[1] Recover Administrator Password
[2] Virtual Machine Resource Check
[3] Perform System Erase
[q] Quit and reload

Enter option [1 - 3] q to Quit:

Enter 1 and change the password of the admin following the prompt.

-------------------------------------------------------------------------
------------------------ Admin Password Recovery ------------------------
-------------------------------------------------------------------------

This utility will reset the password for the specified ADE-OS administrator.
At most the first five administrators will be listed. To Abort without
saving changes, enter [q] to Quit and return to utilities menu

-------------------------------------------------------------------------

Admin Usernames :

   [1] admin

Enter choice [1] or q to Quit :

After changing the admin password, the screen will change back to the system utilities menu. Don’t restart the VM by entering [q] just yet, dismounting the ISO file comes first.

4. Unmount ISO file

Follow the same procedure taken in 1, and unmount the ISO file by removing the CD/DVD drive, or unticking the connected box.

vm_unmount_ise_iso.gif

5. Reload

Finally, reload the VM by entering [q] in the system utilities, and login username admin and the new password.

ise_login.gif

Reset GUI Password

Once gaining access to CLI, execute the below command to change the GUI password.

application reset-passwd ise <username>

In my case, the username equals admin.

In addition, the password for ISE GUI admin expires in 45 days by default. For lab environments, this becomes a pain in the neck. Go to Administration > System > Admin Access > Password Policy to change the default password expiration configuration. I have disabled all policies for the ease of labbing.

ise_change_password_policy.png

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.