Every time someone is trying to authenticate and login to the VPN it says previous tokencode used, I have watched them use the current token and it still shows up as previous tokencode used on the activity monitor. This continues until their token gets put into the next tokencode state where it is impossible to get them out of. Does anyone have any ideas on how to get this working again?
I would try restarting the RSA services first, on the primary then any replicas. You do not need to reboot, just SSH in with PuTTy or CigWin with the Operating System Account, typically called rsaadmin, and password.
cd /opt/rsa/am/server
./rsaserv stop all
<wait until all Shutdown>
./rsaserv start all
The AM server considers a TokenCode as previously used, not by checking every tokencode possible from every minute in the past, but by checking the High Water Mark, HWM, which normally gets set after a successful authentication. Sometimes this HWM can get set in the future, e.g. in AM 8.2 no patches with a hardware clock set in the future. Restarting services clears HWM for all tokens. Might fix this.