Cisco ISE web admin password expired

Today I decided to take another look at the Cisco ISE 802.1x certificate issues i've been having and just haven't had time to get back to and found that with version 3.2 of ISE, the admin password will expire by default every 45 days and you receive this nice little error message.

Not having seen this before and not having another account I can log into the Web UI with as this is a LAB server at home, and as you can see, there's no reset password button on the ISE Web GUI I had to do a bit of googling. Turns out it's quite an easy fix as long as you have SSH access to the ISE server. Luckily, the ISE SSH admin user is different to the web user. All you need to dois SSH to your ISE server and run the command application reset-passwd ise admin. 

WRLABISE01/admin#application reset-passwd ise admin
Enter new password:
Confirm new password:

Password reset successfully.

And that's it. You should now be able to log back into ISE with your admin user and the new password you specified. 

If you want to change the password policy for your admin user or users in general, log into the Web GUI of your ISE server and navigate to Administraton -> System -> Admin Access

From the Admin Access page, select Authentication from the left and then the Password Policy tab.

Scroll down on the Password Policy page and you will see a section for Password Lifetime. You can either change the number of days before it expires, or simply untick the option for Administrator password expires if you don't want it to expire at all. 

Once you've made your changes, click Save and you're done.