|Applies To||RSA ACE/Server|
RSA Authentication Manager 6.x
UNIX (AIX, HP-UX, Solaris)
|Issue||RSA ACE/Server users' tokens are disabled after 3 bad login attempts|
Error: Good Tokencode/Bad PIN Detected
NOTE: This is 'Function As Designed'; RSA Security, Inc. does not supply a method for Administrators to modify this setting.
|Resolution||It is possible that the user forgot their PIN or may be using a correct PIN for a different token (e.g. using the wrong key to open this lock). The following steps will help correct this issue:|
1. Check that the user is using the serial number token assigned to the account they are logging in with
2. Clear the PIN for this token and explain the PIN parameters (see the solution regarding How to specify whether the System or the Users will create PINs; How todisallow users to select computer generated PINs for more information)
3. With the log monitor running, have the user attempt to authenticate again assigning themselves a new PIN.
NOTE: If you receive "Good Tokencode/bad PIN detected" only one time then receive the message "Token disabled, suspect stolen" in your log, you should look at Error: 'Token disabled suspect stolen' after only one 'Good tokencode/bad PIN detected'.
|Legacy Article ID||a20593|