|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1.0
O/S Version: ESXi 5.0
Some users receiving errors when attempting to login and they are asked immediately to wait for the next token code.
Time on Primary and Replica is different.
Fix time, specifically time source on Primary and all replicas.
Run ./rsautil sync-tokens -I to clear NTC and lockouts, but this is only a patch. If the Primary and replica times are more than 2 minutes apart, this problem will keep happening whenever a user authenticates against one then the other.
See also KB 000027095 - Explanation of Next Token Code Mode and Small Medium and Large Windows in SecurID Authentication