If a contactless card is failing authentication at another computer post-enrollment please review the items below:
-
The reader is the same device as the one that enrolled the card
-
The MFA policy contains the RFDevice setting and it was passed down to the client(s) (see Troubleshooting section from Enrolling A Contactless Card)
-
If the card failing is a new card for an existing user, try clearing the cached credentials
-
If the user has never logged into a computer with their card at least once, make sure it can communicate with the MFA server (this can be done through a quick manual sync by right-clicking our logo in the app tray); if it can synchronize but still failing, review the TLS settings on both the client and server and make sure that they match
-
SEOS cards are not compatible with the MFA software; they will initially enroll, but due to the way they function, the scanned value changes at every scan causing the "Card not registered" error
Verify the Card is in the Database
You can run the following query to verify that the card data was successfully sent to the system during enrollment and bound to the user or not.
Update the last line and replace username with the user's MFA username (while keeping the 'single quotations'). If the card successfully enrolled, a single record should appear. If there are no results, then the card did not successfully enroll to the user.
SELECT u.name, scu.card_id, c.cuid, scu.binding_date, scu.status
FROM SC_Card_Users scu
JOIN Users u ON u.user_id = scu.user_id
JOIN SC_Cards c ON c.card_id = scu.card_id
WHERE c.card_type_id = 6 AND u.name = 'username'
If more than one record appears after running the query, that could be the issue. By design, users can only have one card assigned to their username at a time. You will need to verify which card was the most recent and delete it from the system. You can use the most recent "binding_date" record.