This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.

SecurID users in Russian Federation cannot authenticate with software tokens

Article Number

000051029

Applies To

RSA Product Set: SecurID
RSA Product/Service Type: SecurID Appliance and RSA Authentication Manager
RSA Version/Condition: v3.0.4, v7.1, v8.0, v8.1

Issue

Users in Russia are not be able to authenticate with their replacement soft tokens. The user's token has to be synchronized by an administrator.

Cause

The Russian Federation changed how they implement Daylight Savings Time. When the smart device receives its time from the carrier switch, the time offset for UTC/GMT time is incorrect by 60 minutes.

This can be confirmed with the following steps (see Resolution section below for instructions):
  1. Manually resynchronizing a token using the Security Console
  2. Running the sync-tokens command in list mode to list synchronization information for all tokens.
The report produced by the sync-tokens command will show the offset of the fixed token as -60.

Running sync-tokens Command in List Mode

The sync-tokens command is run from SSH on v7.1 and v8.1.   The following example shows how to run it in list mode.  

  • The administrator user ID must be a Security Console administrator
rsaadmin@am81p:/opt/rsa/am/utils> ./rsautil sync-tokens -I

Authenticator Bulk Synchronization Utility 8.1.1.4.0 (1378060)
Copyright (C) 1994 - 2014 EMC Corporation. All Rights Reserved.

Enter the absolute path for the output report file               : /tmp/purgeme.txt
Enter the base security domain name for recursive search [(none)]:
Enter the type of token selection                [ (all) | file ]:
Choose a token filter          [ assigned | unassigned | (both) ]:
What action do you wish to perform?            [ (list) | modify ]:
Enter administrator user ID                                      : superadmin
Enter administrative password                                    : **********

Authenticator Bulk Synchronization Utility 8.1.1.4.0 (1378060)
Copyright (C) 1994 - 2014 EMC Corporation. All Rights Reserved.

Started job on Thu Jan 07 20:29:27 EST 2016 with ID = ims.a44c864466fea8c01aecb69a4722d1ba


 

Resolution

Resynchronize affected tokens using the Security Console.  For more information, refer the appropriate Administrator's Guide for your product version: Alternatively, tokens can be synchronized in bulk from SSH using the sync-tokens utility.  See How to synchronize RSA SecurID tokens in RSA Authentication Manager 7.1 or How to synchronize tokens in RSA Authentication Manager 8., as appropriate.

Workaround

Set the device to another time zone. Although the local time shown by the device will be incorrect, the SecurID token will work.
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2022-08-30 02:47 PM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.