Preview Tool

Cisco Bug: CSCtf06311 - All internal users disabled automatically after logging in a single user

Last Modified

Feb 22, 2014

Products (1)

  • Cisco Secure Access Control Server Solution Engine

Known Affected Releases


Description (partial)


ACS 5.1 internal users get disabled with the reason "password expired".


Reproducible on demand:

1. ACS
2. Configure one or more internal users, with or without the checkbox to enforce the password change.
3. Under the users authentication settings, select the two options

Disable user account after X days if password was not changed
Display reminder after Y days

4. Authenticate successfully just one user via Tacacs+ and wait for 30 minutes or more.
5. All the internal users will be automatically disabled by the Administrator user called 'SERVICE', with Object Type 'ProtocolUser' with the blocking reason 'PASSWORD_EXPIRED'.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.