[usman_a]

i thought that too.....i doubled checked the users profile and its date is set to 2016 by default and i changed it to 2017 and pushed the policy. I also check the secid on the ace server and the secid token has about 2 years left ..However the only thing i do not have control over is the client the user will connect to after the auth has happened.

Also the times are correct on the machines I have control over.

There is one thing to note.....the issue isn’t happening all the time it is intermit which leads to me to believe two things; the connection their trying to connect from is very much saturated and the point of initial connection to the point the user submits the password exceed the cp’s 2 minutes auth timers. if that’s not that case then its the target system they re trying to get to is at fault (i say as the initial rule was a user auth for ftp/telnet).