000018265 - Error: 'Command has expired' in RSA Adaptive Authentication 5.7 application server log

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000018265
Applies ToRSA Adaptive Authentication 5.7
Adaptive Authentication 2.2
Adaptive Authentication 2.1
Adaptive Authentication 2.0
Stand alone application
A bug fix is set to be made in RSA Adaptive Authentication 5.8
IssueError: "Command has expired" in RSA Adaptive Authentication 5.7 application server log
How to fix Daylight Savings Time synchronization drift
During Daylight Savings Time adjustment on the RSA Adaptive Authentication On Premise Solution server, users attempting to enroll or sign in to the online application cannot be authenticated. The existence of the following application server log file entry indicates the problem:

<ProtocolAdapterBase failed: Command has expired!>
com.passmarksecurity.PassMarkException: Command has expired!
CauseThe Date function used in RSA Adaptive Authentication On Premise Solution server adjusts automatically for the local server Daylight Savings Time. This adjustment creates a logical hour difference between the calling client server and the Adaptive Authentication On Premise server which results in an expired cookie situation and the "Command has expired" error.
ResolutionSet the client and host server to GMT to insure matching times.

A quick workaround to this problem is to shift the clock on the server by 1 hour.  The item is scheduled for fixing in version 5.8 of the Adaptive authentication on premise solution.
Legacy Article IDa31603