Cisco Cisco Identity Services Engine 1.0.4

This issue can affect Cisco ISE customers who have not changed their default “admin” account password 
for administrator user interface login since first installing Cisco Identity Services Engine Release 
1.0.3.377. Upon upgrading to Cisco Identity Services Engine Maintenance Release 1.0.4.573, 
administrators can be “locked out” of the Cisco ISE administrator user interface when logging in via the 
default “admin” account where the password has not yet been updated from the original default value.

To avoid this issue, Cisco recommends you do one or more of the following:

Verify they have changed password per the instructions in the “Managing Identities” chapter of the 

 prior to upgrade.

Disable or modify the password lifetime setting in the Administration > System > Admin Access 
> Password Policy page of the administrator user interface prior to upgrade to ensure the upgraded 
policy behavior does not impact the default “admin” account.

Enable password lifetime setting reminders in the Administration > System > Admin Access > 
Password Policy page to alert admin users of imminent expiry. Administrators should change the 
password when notified.

Although the above conditions apply to all administrator accounts, the change in behavior from Cisco 
ISE version 1.0.3.377 to version 1.0.4.573 only impacts the default “admin” account.

When you access the Cisco ISE administrator user interface using the host IP address as the destination 
in the Internet Explorer 8 address bar, the browser automatically redirects your session to a different 
location. This situation occurs when you install a real SSL certificate issued by a Certificate Authority 
like VeriSign.

If possible, Cisco recommends using the Cisco ISE hostname or fully qualified domain name (FQDN) 
you used to create the trusted SSL certificate to access the administrator user interface via Internet 
Explorer 8.