Steps to fix two factor auth setup error

Steps to fix two factor auth setup error



Problem:

Unable to configure two factor auth for the user and getting following error while entering 6 digit code during setup.

"Error! Enter code again to confirm setup"


Solution:

We need to increase time windows offset limit for two factor authentication.

su - zimbra
zmprov mcf zimbraTwoFactorTimeWindowOffset 15   
zmprov fc -a all

Note: If you still get same error with 15 then increase offset upto 30. 30 is maximum limit.


Attribute Description:
zmprov desc -a zimbraTwoFactorTimeWindowOffset

   Determines the number of windows to check when trying to validate a
   TOTP code (NOW-n through NOW+n). This number should typically be
   small, but a minimum value of 1 is usually necessary to account for
   network latency and clock drift. See also:
   zimbraTwoFactorTimeWindowLength and
   https://tools.ietf.org/html/rfc6238#section-5.2

              type : integer
             value :
          callback :
         immutable : false
       cardinality : single
        requiredIn :
        optionalIn : globalConfig
             flags :
          defaults : 1
               min : 1
               max :
                id : 1830
   requiresRestart :
             since : 8.7.0,9.0.0
   deprecatedSince :
Jump to: navigation, search