View all questions & answers for the FCP - FortiAuthenticator 6.5 Administrator Exam Materials exam


Question 15 Discussion

You are a FortiAuthenticator administrator for a large organization. Users who are configured to use FortiToken 200 for two-factor authentication can no longer authenticate. You have verified that only the users with two-factor authentication are experiencing the issue. What can cause this issue? (Choose one answer)

  • A. FortiAuthenticator has lost contact with the FortiToken Cloud servers
  • B. Time drift between FortiAuthenticator and hardware tokens
  • C. FortiToken 200 license has expired
  • D. One of the FortiAuthenticator devices in the active-active cluster has failed
Correct Answer: B

Brave-Dump Clients Votes

B 100%

Comments



Juan Diego Ruiz 2025-04-15 22:32:20

Selected Answers: B


The system clock in the token must be synchronized with the system clock in FortiAuthenticator. Perfect synchronization is always impossible to achieve. There is always a difference, called a drift, between the two clocks. The drift usually increases with time, causing both device clocks to become out of sync.

A time step (which is equivalent to the frequency that a new code is generated) is 60 seconds. FortiAuthenticator will accept the valid code for the current time step, the one before, and the one after. So, any drift that is not bigger than +/-1 time step is tolerated. If the drift is larger, a re-synchronization is required. This ensures that the device provides the token code that FortiAuthenticator expects, because the codes are time-based. Fortinet recommends synchronizing all new FortiTokens.

You can re-synchronize a FortiToken on the FortiToken page. Locate the FortiToken you want to synchronize and click Synchronize. You must enter the code currently displayed on the FortiToken, wait for a new time step, and then type the next code displayed. In this way, FortiAuthenticator can calculate the drift and adjust accordingly.
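
The acceptance window and the two-code re-synchronization described in the comment above, as an added Python example that is not part of the comment and is not Fortinet's code. It assumes a generic RFC 6238 TOTP (HMAC-SHA1, 6 digits) with the 60-second step mentioned above; the seed, timestamps and the names `verify`, `resync` and `demo` are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds per time step, as stated in the comment above
DIGITS = 6   # assumed code length

def totp(seed: bytes, counter: int) -> str:
    """RFC 6238 / RFC 4226 code for one time-step counter (HMAC-SHA1)."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F                       # dynamic truncation offset
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** DIGITS).zfill(DIGITS)

def verify(seed, code, server_time, drift_steps=0, window=1):
    """Accept the code for the current step, the one before, or the one after."""
    now = server_time // STEP + drift_steps    # apply the stored per-token drift
    return any(hmac.compare_digest(totp(seed, now + d), code)
               for d in range(-window, window + 1))

def resync(seed, code1, code2, server_time, search=60):
    """Find the step offset where two consecutive codes both match.

    server_time is the server clock when code1 was displayed. Requiring two
    consecutive codes keeps a chance match in the wider search range unlikely.
    Returns the drift in time steps, or None if nothing matches.
    """
    now = server_time // STEP
    for d in sorted(range(-search, search + 1), key=abs):  # nearest offsets first
        if (hmac.compare_digest(totp(seed, now + d), code1)
                and hmac.compare_digest(totp(seed, now + d + 1), code2)):
            return d
    return None

# Constructed sample data: a token whose clock runs five time steps slow.
SEED = b"constructed-demo-seed"
SERVER_TIME = 1_700_000_040
TOKEN_CLOCK = SERVER_TIME - 5 * STEP

def demo():
    step = TOKEN_CLOCK // STEP
    code, next_code = totp(SEED, step), totp(SEED, step + 1)
    rejected = not verify(SEED, code, SERVER_TIME)         # outside +/-1 step
    drift = resync(SEED, code, next_code, SERVER_TIME)     # measured drift
    accepted = verify(SEED, code, SERVER_TIME, drift_steps=drift)
    return rejected, drift, accepted

if __name__ == "__main__":
    print(demo())
```

Because every hardware token drifts independently, the measured offset has to be stored per token; a single global correction on the server would not fix all of them.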