Preview Tool

Cisco Bug: CSCtf06311 - All internal users disabled automatically after logging in a single user

Last Modified

Feb 26, 2018

Products (1)

  • Cisco Secure Access Control Server Solution Engine

Known Affected Releases


Description (partial)


ACS 5.1 internal users get disabled with the reason "password expired".


Reproducible on demand:

1. ACS
2. Configure one or more internal users, with or without the checkbox to enforce the password change.
3. Under the users authentication settings, select the two options

Disable user account after X days if password was not changed
Display reminder after Y days

4. Authenticate successfully just one user via Tacacs+ and wait for 30 minutes or more.
5. All the internal users will be automatically disabled by the Administrator user called 'SERVICE', with Object Type 'ProtocolUser' with the blocking reason 'PASSWORD_EXPIRED'.

Related Community Discussions

ACS 5.1 - Users disabling intermittently
Hi, I am currently having issues with user accounts intermittently disabling. The expiration in the global settings is for 30 days and the system has only been in and running for less than a week now. Any ideas? Have tried a few things but nothing seems to work other than enabling the user/s again and work fine for a while. Is there a log that I can look at to tell me why? Thanks. Andrew
Latest activity: Apr 26, 2010
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.