Windows Password Integration (WPI) fails for the RSA MFA Agent for Microsoft Windows with error "JWT token has expired"
Originally Published: 2024-06-03
Article Number
000072381
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager & MFA Agent for Microsoft Windows
RSA Version: 8.7 SP1 and above (Authentication Manager) & 2.2.1 and above (MFA Agent for Microsoft Windows)
Issue
Windows Password Integration (WPI) fails for the RSA MFA Agent for Microsoft Windows with the following error messages shown in the Real-time Authentication Activity Monitor or User's Dashboard page in the RSA Authentication Manager Security Console:

Windows password retrieval failed

Agent <Agent Name> is unable to retrieve Windows password for user <UserID>

JWT token has expired.

Cause

The time is not in sync between the Authentication Manager server(s) and the machine the MFA Agent for Windows is installed on. The token used for Windows password retrieval is a JWT that carries an expiry time, and it is only accepted if the validating side's clock falls within the permitted skew (5 seconds by default) of that window. When one clock is ahead of the other by more than that, a freshly issued token already appears expired and the retrieval fails with "JWT token has expired."

Resolution

Correct the time between the Authentication Manager server(s) and the machine the MFA Agent for Windows is installed on, so that both sides stay within a few seconds of each other (for example, by pointing both at the same NTP source).

If the time on any of the Authentication Manager server(s) needs to be adjusted and is off by more than a couple of minutes, contact RSA Customer Support for assistance before proceeding. See the "Update System Date and Time Settings" page if the time on the Authentication Manager server(s) needs to be adjusted.

----------------------------------------------------------------------------------------------------------------

Correcting the time between the Authentication Manager server(s) and the machine the MFA Agent for Windows is installed on should typically resolve this issue. If it does not, a command line utility can be run from the Primary Authentication Manager server to increase the clock skew allowed between the server and agent machines. Note that a larger allowed skew also lengthens the window in which an already-issued token remains usable, so keep the value as small as possible and treat this as a workaround rather than a replacement for correct time synchronization. To run this command:

1. Log into the command line of the Primary Authentication Manager server.
2. Run the following command, replacing <skew allowed in seconds> with the desired value and <Primary Authentication Manager FQDN> with the fully qualified domain name of the Primary: /opt/rsa/am/utils/rsautil store -a update_config auth_manager.agent.max_clock_skew.seconds <skew allowed in seconds> <Primary Authentication Manager FQDN>

Note: The default value of auth_manager.agent.max_clock_skew.seconds is 5 seconds.
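The following is an added illustration of the cause and of the max_clock_skew trade-off described above; it is not RSA code and does not reproduce the MFA Agent's or Authentication Manager's implementation. It builds a constructed JWT with iat/exp claims and applies the generic JWT time-claim rules with a skew allowance. The 30-second token lifetime, the placeholder signature, and the offsets used are assumptions for the example; signature verification is out of scope and assumed to have already succeeded.

```python
import base64
import json

# Default for auth_manager.agent.max_clock_skew.seconds as stated in the article.
DEFAULT_MAX_CLOCK_SKEW_SECONDS = 5

# Assumed token lifetime for this example (not a documented RSA value).
ASSUMED_TOKEN_LIFETIME_SECONDS = 30


def b64url_encode(data: bytes) -> str:
    """base64url without padding, as used for JWT segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(segment: str) -> bytes:
    """Reverse of b64url_encode; restores the stripped '=' padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_token(iat: int, lifetime: int = ASSUMED_TOKEN_LIFETIME_SECONDS) -> str:
    """Constructed sample token: header.payload.signature with a placeholder signature."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"iat": iat, "exp": iat + lifetime, "sub": "windows-password-retrieval"}
    return ".".join([
        b64url_encode(json.dumps(header).encode()),
        b64url_encode(json.dumps(payload).encode()),
        "placeholder-signature",  # constructed; a real token carries a MAC/signature here
    ])


def claims(token: str) -> dict:
    """Extract the payload claims (no signature check; assumed done elsewhere)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT: expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))


def check_time_claims(token: str, now: int,
                      max_skew: int = DEFAULT_MAX_CLOCK_SKEW_SECONDS) -> str:
    """Apply JWT exp/iat rules with a skew allowance, as seen from a clock reading `now`.

    Returns 'expired', 'not yet valid', or 'ok'.
    A validator whose clock is ahead of the issuer by more than lifetime + max_skew
    sees a fresh token as expired; one whose clock is behind by more than max_skew
    sees it as not yet valid.
    """
    c = claims(token)
    if now > c["exp"] + max_skew:
        return "expired"
    if now + max_skew < c["iat"]:
        return "not yet valid"
    return "ok"


def required_skew(token: str, now: int) -> int:
    """Smallest max_skew (seconds) at which check_time_claims would return 'ok'.

    Useful for seeing how large the setting would have to become to paper over a
    given clock offset, which is usually the argument for fixing the clocks instead.
    """
    c = claims(token)
    return max(0, now - c["exp"], c["iat"] - now)


if __name__ == "__main__":
    issued_at = 1_700_000_000  # issuer's clock when the token was minted
    token = make_token(issued_at)
    # Agent clock 60 s ahead of the server: fails with the default 5 s skew.
    print(check_time_claims(token, issued_at + 60))
    # Same offset with the skew raised to 60 s: accepted, at the cost of a longer window.
    print(check_time_claims(token, issued_at + 60, max_skew=60))
    # How much skew that 60 s offset actually needs under a 30 s lifetime.
    print(required_skew(token, issued_at + 60))
```

Run it as-is to see the three outcomes. The script is also a handy way to decode a captured token's iat/exp and compare them against the validating host's clock when diagnosing this error, since a consistent gap between the two points at time synchronization rather than the skew setting.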