SecurID® Discussions

JohnstoneSupply
Beginner

Removing a user from next tokencode mode

jeffshurtliff
Administrator

Hi,

I have moved this thread to the https://community.rsa.com/community/products/securid?sr=search&searchId=47e7c052-d37b-47ea-b35e-0692ac5586e8&searchIndex=0 page so that you can get an answer to your question.

Thanks,
Jeff

MohamedAboElKhe
Employee

Hi,

There is a utility you can use from the AM server command line to reset next tokencode mode for any number of tokens you want or for all of them. However, please note that next tokencode mode is sometimes needed to re-synchronize the token when having a slight time difference from the server, so you should keep it unless necessary.

To use the utility you can follow the below steps:

1- Open an SSH session to the AM server.

2- Run the below commands to move to the utilities directory:

# cd /opt/rsa/am/utils/

3- To reset next tokencode mode for ALL tokens use the below command:

# ./rsautil sync-tokens -u <super admin user ID> -p <super admin password> -o <output file path> -a -n

e.g:
# ./rsautil sync-tokens -u superadmin -p 'pa$$W0rd' -o /tmp/out.txt -a -n

4- To reset next tokencode mode for SOME tokens, you will first need to create a file on the AM server with all serial numbers of tokens you need to reset, each on a new line, as shown in the below example:

# cat /tmp/tokens
000113474499
000113474500
000113474501

Then you need to run the below command:

# ./rsautil sync-tokens -u <super admin user ID> -p <super admin password> -o <output file path> -f <path of token file> -n

e.g:
# ./rsautil sync-tokens -u superadmin -p 'pa$$W0rd' -o /tmp/out.txt -f /tmp/tokens -n

Please check and let me know if this meets your requirements.
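
A pre-flight check for the token file from step 4, as an added example that is not part of the original post or of RSA's tooling. It assumes serial numbers are exactly 12 digits, as in the sample file above; `validate_token_file` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not from the thread: pre-flight check for the serial-number
# file passed to `rsautil sync-tokens -f`.
# Assumption: serials are exactly 12 digits, as in the sample file in the post.

# validate_token_file FILE  (hypothetical helper name)
# Writes one line per problem to stderr; returns 0 only when the file is clean.
validate_token_file() {
    file=$1
    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }
    [ -s "$file" ] || { echo "empty file: $file" >&2; return 1; }

    awk '
        function report(msg) { printf "line %d: %s\n", NR, msg; bad = 1 }
        {
            if ($0 ~ /\r$/) { report("CRLF line ending (file edited on Windows?)") }
            else if ($0 == "") { report("blank line") }
            else if (length($0) != 12 || $0 !~ /^[0-9]+$/) { report("not a 12-digit serial: " $0) }
            else if (seen[$0]++) { report("duplicate serial: " $0) }
        }
        END { exit (bad ? 1 : 0) }
    ' "$file" >&2
}

# Constructed sample: a valid serial, a CRLF line, a short serial, a duplicate.
sample=$(mktemp)
printf '000113474499\n000113474500\r\n00011347450\n000113474499\n' > "$sample"
if validate_token_file "$sample"; then
    echo "token file OK"    # only now hand it to rsautil sync-tokens -f
else
    echo "fix the token file before running rsautil" >&2
fi
rm -f "$sample"
```
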

MHelmy
Moderator

Well, you can fix the symptom of Next token code mode by the following:

1. Log in to the Security Console > Users > Locate the user with problems > Click on the arrow beside the user to open the context menu > Authentication Settings > Check the "Clear incorrect passcodes" check box > Save. That should remove all his tokens from next token-code mode.

However, this will not fix the cause of it. If it's just due to typing mistakes of the token code more than once, then he should be OK on the next login. However, if his token is out of sync, then he will keep failing authentication till he hits next-token code mode again. At that point you need to re-synchronise his token from the Security Console.