Fully Resynchronize High Availability Tokencodes

Most High Availability Tokencode processing occurs automatically, but you might need to reset or fully resynchronize the High Availability Tokencode records for a number of reasons, including:

  • You have changed your company account in the Cloud Authentication Service and you need to connect to the Cloud Authentication Service again.
  • Authentication Manager adds an external identity source that is also synchronized to the Cloud Authentication Service.
  • Tokencode records were not updated because Authentication Manager could not locate one or more users in the identity source, and now the issue has been resolved.
  • Tokens were accidentally deleted by an administrator, and now the High Availability Tokencode records are needed in Authentication Manager.

You cannot resynchronize a single user. You must update all of the records.

Before you begin

You must be an Operations Console administrator, and have the rsaadmin password.


  1. Log on to the appliance with the User ID rsaadmin and the operating system password that you defined during Quick Setup:
    • On a hardware appliance, an Amazon Web Services appliance, or an Azure appliance, log on to the appliance using an SSH client.
    • On a VMware virtual appliance, log on to the appliance using an SSH client or the VMware vSphere client.
    • On a Hyper-V virtual appliance, log on to the appliance using an SSH client, the Hyper-V System Center Virtual Machine Manager Console, or the Hyper-V Manager.
  2. Change directories to /opt/rsa/am/utils. Type:

    cd /opt/rsa/am/utils/

    and press ENTER.

  3. Authentication Manager uses the sync marker time attribute as the timestamp for the last synchronized token record in the Authentication Manager database. Resetting this value to 0 prompts Authentication Manager to synchronize all of the token records. Type:

    ./rsautil store -o admin -p password$ -a update_config auth_manager.cas.authentication.ha.seed_sync.marker_time 0 GLOBAL

    Where admin is name of an Operations Console administrator and password is the Operations Console administrator's password.

  4. Press ENTER.