Most High Availability Tokencode processing occurs automatically, but you might need to reset or fully resynchronize the High Availability Tokencode records, for a number of reasons, including:
- You have changed your company account in the Cloud Authentication Service and you need to connect to the Cloud Authentication Service again.
- Authentication Manager adds an external identity source that is also synchronized to the Cloud Authentication Service.
- Tokencode records were not updated because Authentication Manager could not locate one or more users in the identity source, and now the issue has been resolved.
- Tokens were accidentally deleted by an administrator, and now the High Availability Tokencode records are needed in Authentication Manager.
You cannot resynchronize a single user. You must update all of the records.
Before you begin
You must be an Operations Console administrator, and have the rsaadmin password.
- Log on to the appliance with the User ID rsaadmin and the operating system password that you defined during Quick Setup:
- On a hardware appliance, an Amazon Web Services appliance, or an Azure appliance, log on to the appliance using an SSH client.
- On a VMware virtual appliance, log on to the appliance using an SSH client or the VMware vSphere client.
- On a Hyper-V virtual appliance, log on to the appliance using an SSH client, the Hyper-V System Center Virtual Machine Manager Console, or the Hyper-V Manager.
- Change directories to /opt/rsa/am/utils. Type:
and press ENTER.
Authentication Manager uses the sync marker time attribute as the timestamp for the last synchronized token record in the Authentication Manager database. Resetting this value to 0 prompts Authentication Manager to synchronize all of the token records. Type:
./rsautil store -o admin -p password$ -a update_config auth_manager.cas.authentication.ha.seed_sync.marker_time 0 GLOBAL
Where admin is name of an Operations Console administrator and password is the Operations Console administrator's password.
- Press ENTER.