I have setup aliased accounts for our admins that have both a user account and an administrator account so that they only require one hardware token. I noticed that the Offline days never refresh for the aliased account. Is there a way to make this refresh or will that aliased account be forced to be 'online only' once the days expire?
While watching the authentication monitor I can see that when logging on as the aliased account (the admin) it is authenticated with the account with the token assigned (the user). A few seconds later a second request is made for Offline Authentication Data, this request is made using the aliased account name and fails. The error log shows that it is an "INVALID_PROOF"