I have got 1 user having this problem as well. We are using ActivIdentity PKI smart card as token and the user had been able to logon successfully for 2-3 weeks after installation. However, recently he got this "incorrect token for user" message after keying in his credentials. We had checked his user account in EEM, the token is actividentity, the audit doesn't show any changes made as well. We had also removed the password token drivers from the PBA such that the user will only have 1 option - ActivIdentity smart card for logon. Hence we are very puzzled on what actually went wrong. Any idea?
Removing the pwd token is a big no-no, as other tokens, like the ai token, use it prior to the cert being set for pki auth.
Remember you can't actually create a user with the ai pki token, you need to let the connector create it for you.
Did you recently remove the pwd token from the preboot, as I am a little mystified how you could have deployed successfully :-)
Thanks for the reply.
We have a very restrictive policy where every user, even the administrator, is using pki auth with ai (we deleted the root admin account after running the ldap connector). Hence, the password dll and dlm were removed.
Yes, we did use the ldap connector to create the user with ai as their logon token. All the users have a smart card logon cert assigned to them. This particular user was able to logon successfully for 2-3 weeks after installation with his ai smart card until a few days back, when he got the reported error message when he tried to logon at PBA. I find this issue rather strange as I had checked the audit log as well as the LDAP log and no changes have been made to the user account. At the same time, we had deployed close to 3000 users using only ai token at pba and so far, only this user encountered this problem.