Troubleshooting IBM MFA
The troubleshooting steps you perform depend on which system has failed.
Browser shows incorrect or stale data
If your web browser shows incorrect or stale data, refresh the browser window. The browser cache might be out-of-sync with the IBM® MFA server.
IBM MFA certificate authentication not working
If the user receives an "There was an error connecting to the server." error when attempting to log in with certificate authentication, ensure that Enable out-of-band Services and Enable certificate services are both enabled, as described in Configuring server options.
The user receives an "Error processing MFA request" error
- The authentication methods configured for the user must match the policy. The policy is not satisfiable if the user is not configured for all of the authentication methods required by the policy.
- No preceding or trailing spaces must exist in the IBM MFA GUI configuration. For example, if an extraneous space exists in the Radius Primary Server field, IBM MFA will not be able to resolve the host name or IP address.
- No preceding or trailing spaces must exist in an entry in the pam.d files, as described in Editing the /etc/pam.d files on Red Hat Enterprise Linux for IBM Z and LinuxONE and Editing the /etc/pam.d files on SUSE Linux Enterprise Server on IBM Z.