Fully Resynchronize High Availability Tokencodes

Most High Availability Tokencode processing occurs automatically, but you might need to reset or fully resynchronize the High Availability Tokencode records for a number of reasons, including:

• You have changed your company account in Cloud Access Service (CAS) and you need to connect to Cloud Access Service again.
• AM adds an external identity source that is also synchronized to Cloud Access Service.
• Tokencode records were not updated because AM could not locate one or more users in the identity source, and now the issue has been resolved.
• Tokens were accidentally deleted by an administrator, and now the High Availability Tokencode records are needed in AM.

You cannot resynchronize a single user. You must update all of the records.

Before you begin 

You must be an Operations Console administrator, and have the rsaadmin password.

Procedure 

1. Log on to the appliance with the User ID rsaadmin and the operating system password that you defined during Quick Setup:
   • On a hardware appliance, an Amazon Web Services appliance, or an Azure appliance, log on to the appliance using an SSH client.
   • On a VMware virtual appliance, log on to the appliance using an SSH client or the VMware vSphere client.
   • On a Hyper-V virtual appliance, log on to the appliance using an SSH client, the Hyper-V System Center Virtual Machine Manager Console, or the Hyper-V Manager.
2. Change directories to /opt/rsa/am/utils. Type:

   cd /opt/rsa/am/utils/

   and press ENTER.

3. AM uses the sync marker time attribute as the timestamp for the last synchronized token record in the AM database. Resetting this value to 0 prompts AM to synchronize all of the token records. Type:

   ./rsautil store -o admin -p password$ -a update_config auth_manager.cas.authentication.ha.seed_sync.marker_time 0 GLOBAL

   Where admin is name of an Operations Console administrator and password is the Operations Console administrator's password.

4. Press ENTER.