Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. One Time Passcode failure in Multi-Factor Authentication User Portal

One Time Passcode failure in Multi-Factor Authentication User Portal

View products that this article applies to.

Symptoms

Assume that you have HTTP Redirection, URL Rewrite, or an equivalent setting configured for the Internet Information Services (IIS) Web Server. When you try to use One Time Passcode to log in through Multi-Factor Authentication, you receive the following error message:

Incorrect one-time passcode.

↑ Back to the top

Cause

The issue may occur if you configured IIS with an HTTP Redirection rule to forward traffic to Multi-Factor Authentication User Portal. When the browser navigates to one_time_passcode.aspx, additional requests can be made to obtain favicon.ico. When IIS redirects those requests to the Login.aspx page, the session is cleared, and the One Time Passcode automatically expires. Therefore, when you enter the One Time Passcode, the server rejects the entry and returns the “Incorrect one-time passcode” error.

↑ Back to the top

Resolution

Redirect configuration must exclude files such as favicon.ico that occur during the One Time Passcode process. There are many ways to configure HTTP Redirect such as by using the built-in HTTP Redirect module, the URL Rewrite module, or load balancer–based redirects. Contact the administrator who set up the redirect to assist with adjusting the redirect configuration.

Sample redirect configurations

URL Rewrite

If the server is already configured with URL Rewrite–based redirection, adding an additional rule as follows above the existing rule will cause all requests for favicon.ico to be ignored when the URL Rewrite rules run:

<rule name="Ignore favicon.ico" stopProcessing="true">

              < match url="^favicon.ico$" />

              < conditions logicalGrouping="MatchAll" trackAllCaptures="false" />

              < action type="None" />

</rule>

HTTP Redirect

If the server is configured with HTTP Redirect–based redirection, setting the enabled flag to False for the favicon.ico file will cause the HTTP Redirect module to ignore requests for favicon.ico. You can do this by running the following AppCmd line:

appcmd.exe set config "Default Web Site/favicon.ico" -section:system.webServer/httpRedirect /enabled:"False" /commit:Site

↑ Back to the top

More Information

For more information, see HTTP Redirects and Using the URL Rewrite module.

↑ Back to the top

Keywords: kb

↑ Back to the top

Article Info
Article ID : 3185067
Revision : 1
Created on : 1/7/2017
Published on : 8/19/2016
Exists online : False
Views : 335