I have some users who are being put into next tokencode mode even after having a history of successful authentication. In addition, there are users who are in a loop of next tokencode mode and repeatedly error out with "Passcode reuse or previous token code detected..." even to the point of locking their accounts. What causes this?
I worked with the rsautils to set all token clock offset back to zero and verified that the time of all primary and replica instances are accurate to true time.
What else can I do, aside from manually re-synchronizing the tokens, to help this issue? Is there something else I should check?