000017857 - Cannot synchronize token in RSA Authentication Manager 8.1.

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • Comment0
  • View in full screen mode

Article Content

Article Number000017857
Applies ToRSA Authentication Manager 8.1
IssueCannot synchronize token in RSA Authentication Manager 8.1.
Error "Tokencode was previously used" when synchronizing token through the Security Console.

"There was a problem processing your request. TokenCode was previously used?   Both codes entered, second code gave error.  Reboot fixed this


System time on primary and replica(s) are in sync.
CauseThe token seed records may have become corrupted.
The token has a watermark and it has either a past or future date and time, probably due to the result of the authentication manager running with a past or future time.
Resolution

If reboot or clear cache does not work, RSA Customer Support has a workaround to try and resolve this technical issue which can be tried before contacting RSA Customer Support for further assistance.


 



  

1.


  
  

Delete the token seed record for the problematic token(s) in the database


  

 


  

i)              Logon to the RSA Security Console with a user who has an administrative role.


  

 


  

ii)             Use the Authentication tab > SecurID Tokens > Manage Existing to locate the tokens in question.


  

 


  

iii)            Left-click the Serial Number of token and select Delete or alternatively check a number of Serial Numbers, select Delete (in the action selection) and click the Go button.


  

 


  

  

2.


  
  

Re-import the token seed XML file (ignoring all duplicate tokens already in the authentication manager database).


  

 


  

NOTE: this re-import will require a password if the token seed XML file is password protected.


  

 


  

 


  

i)              Logon to the RSA Security Console with a user who has an administrative role.


  

 


  

ii)             Use the Authentication tab > SecurID Tokens > Import Tokens Job > Add New
  
    - change the Import Job Name to suit the task, select the appropriate Security Domain, Browse to the token seed XML file, enter the File Password (if the token seed XML file is password protected) and ensure ?Ignore all duplicate token? is selected before Submitting the Job (with the Submit Job button).


  

 


  

iii)            Assign the token(s) back to the appropriate end user(s)
  
   Identity tab > Users > Manage Existing ?Search for the user; left-click the User ID, select SecurID Tokens and use the Assign Token button to search for the token and assign it to the end user.


  

 


  

 


Contact information for RSA Customer Support is located at URL http://www.emc.com/support/rsa/contact/index.htm should you require technical assistance with a purchased RSA product.

Legacy Article IDa64728

Attachments

    Outcomes

      Visibility: RSA SecurID Access Knowledge Base1175 Views
      Last modified on Apr 21, 2017 10:16 PM
      Tags:
      Ratings: