BleBla
New Contributor

FortiAuthenticator error 20104: replay previous token

Hello,
we have a lot of 20104 errors:

ID                            4883811
Timestamp           Tue Feb 8 14:15:21 2022
Level                      information
Action                   Authentication
Status                   Failed
Source IP             192.168.199.2
Message              Remote LDAP user authentication with FortiToken failed (chosen FTM push notification): replay previous token
User                      <USERNAME>
Log                       Type
Type Id                 20104
Name                    Authentication Failed Replay
Sub Category      Authentication
Category              Event
Description           Authentication failed, use/replay previous token code

 

I suppose this is caused by an error in time synchronization, but neither resynchronization nor deleting and recreating the user helped.

In the end, users usually succeed in connecting, or do not even complain (did not notice?).

Can anybody guess what the possible cause is?

ThanX a lot for any help.
Murphy

 

mturic
Staff

Hi,

 

Usually token drift would be shown as a simple incorrect token code or token out of sync (as it would not match what the FAC is expecting for that timestamp).


You can check for token drift as described here:

https://community.fortinet.com/t5/FortiAuthenticator/Troubleshooting-Tip-FortiToken-Mobile-clock-dri...

Token replay would be, for example, when a user tries to re-use the same token code (for TOTP tokens, which are by default refreshed every 60 seconds, this is when the user tries to authenticate twice within the same minute with the same token code before it refreshes).
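The distinction drawn in the reply above, as an added example that is not part of the original thread and is not FortiAuthenticator's own code: a generic RFC 6238 verifier that reports an already-used code as a replay and a code outside the accepted window as incorrect. The `Verifier` class, the one-step drift window, the secret and the timestamp are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

STEP = 60      # seconds per code, the default interval mentioned in the reply
DIGITS = 6
WINDOW = 1     # assumed drift tolerance: accept one step either side


def totp(secret: bytes, counter: int) -> str:
    """RFC 4226 HOTP value for one time-step counter (RFC 6238 TOTP)."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class Verifier:
    """Hypothetical server-side check that remembers the last accepted step."""
    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_step = -1   # highest time step already consumed

    def verify(self, code: str, now: float) -> str:
        current = int(now // STEP)
        for step in range(current - WINDOW, current + WINDOW + 1):
            if hmac.compare_digest(totp(self.secret, step), code):
                if step <= self.last_step:
                    return "replay"      # valid code, but already used
                self.last_step = step
                return "ok"
        return "incorrect"               # drift or typo: matches no step in window


def demo() -> list:
    secret = b"constructed-demo-secret"   # constructed sample value
    v = Verifier(secret)
    t0 = 1_644_329_700                    # constructed timestamp, aligned to a step
    code = totp(secret, t0 // STEP)
    return [
        v.verify(code, t0 + 5),            # first use
        v.verify(code, t0 + 20),           # same code again within the minute
        v.verify(totp(secret, t0 // STEP + 5), t0 + 25),  # clock 5 steps ahead
        v.verify(totp(secret, t0 // STEP + 1), t0 + 65),  # next code after refresh
    ]


if __name__ == "__main__":
    print(demo())
```

In this model a second submission of the same code inside one interval, such as a retried or duplicated request, is rejected as a replay even though the clocks agree, while a drifted clock yields a code that matches no step in the window.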
