Hardware token being locked out
Reaching out for some help if possible.
We are based in the UK and we have people working offshore in India who use hardware tokens (Feitian OTP c200) to sign in through Authpoint. One person who uses a token can sign in fine. I have another generic user ID, however, that is shared between three people who also pool three tokens, that constantly has the tokens blocked. Sometimes they can log in fine but the majority of the time I come in in the morning and they are locked out and I have to unblock them. With the time difference, however, that means they have missed half a day signing in to the system.
I'm unable to shadow them or remote onto their machine, so it's a bit difficult trying to see where the problem lies. I have resynced all the tokens but the problem persists. However, looking through the logs I'm finding a strange series of events that I can't replicate. There will be an Authorized event, Category RADIUS, Sub-Category LDAP_OTP, followed on average 10 secs later by an Unauthorized event, Reason: The OTP is not valid. After a few of these the token is blocked.
I don't understand why it's showing authorised followed by unauthorised, with the token looking like it is the culprit for this second unauthorised message. If I try and replicate it this side by purposefully entering an incorrect code, or an old one, I just can't get the same series of events. It just won't authorise it. I won't get an authorisation followed by an unauthorised one.
I'd be grateful if anybody could help with this, as I'm starting to tear my hair out with it... and I need all the hair I can get at the moment!
Thanks very much.