Admin account locked after enabling password expiration
Created On 11/10/20 13:11 PM - Last Modified 07/22/23 03:05 AM
Symptom
- Password expiration is enabled from Device > Password Profiles some time after the admin accounts were created.
- After password expiration is enabled, the admin accounts are locked; the logs show the admin users in the locked users list.
Environment
- Palo Alto Firewall
- PAN-OS 9.1, 10.1, 10.2
- Password Profile
Cause
- Password expiry is counted from the time the account was created or the password was changed, not from the time the policy is enabled.
- For example, suppose an account was created 100 days ago and its password has not been changed since then. If password expiry is enabled with a 90-day period, the account is locked (default value).
- Admin passwords should be changed before enabling password expiration.
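A pre-change check for the condition described above, as an added example (not Palo Alto Networks code): it takes an inventory of admin accounts and reports which would be locked the moment expiration is enabled. The CSV layout, column names and sample rows are constructed for illustration, and a password whose age equals the expiry period is treated as expired (an assumption).

```python
import csv
import io
from datetime import date

# Constructed sample inventory (not real PAN-OS output). Column names are
# hypothetical; "last_changed" is empty when the password was never changed.
SAMPLE_INVENTORY = """\
admin,created,last_changed
admin,2020-01-15,2020-07-01
netops,2020-07-20,
auditor,2020-03-02,2020-10-25
"""

def password_age_days(row, today):
    """Age counts from the last change, or from creation if never changed."""
    start = row["last_changed"].strip() or row["created"].strip()
    return (today - date.fromisoformat(start)).days

def preflight(inventory_csv, expiry_days, today):
    """Return (locked, safe) for enabling expiration today.

    locked: (admin, days past expiry); safe: (admin, days remaining).
    """
    locked, safe = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        age = password_age_days(row, today)
        # Assumption: the boundary day counts as expired (conservative).
        if age >= expiry_days:
            locked.append((row["admin"], age - expiry_days))
        else:
            safe.append((row["admin"], expiry_days - age))
    return locked, safe

def safe_to_enable(inventory_csv, expiry_days, today):
    """Enabling is safe only when no existing admin would be locked."""
    locked, _ = preflight(inventory_csv, expiry_days, today)
    return not locked

if __name__ == "__main__":
    today = date(2020, 11, 10)  # constructed "now" for the sample data
    locked, safe = preflight(SAMPLE_INVENTORY, 90, today)
    for name, overdue in locked:
        print(f"WOULD LOCK  {name}: {overdue} days past expiry")
    for name, left in safe:
        print(f"ok          {name}: {left} days remaining")
```

Any account listed as WOULD LOCK needs its password changed before the expiration setting is committed.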
Resolution
Either revert your configuration or perform a factory reset from Maintenance Mode.
How To Enter Maintenance Mode On Palo Alto Networks Firewall