Users are unable to authenticate via the first factor through the validation server when their LDAP password contains special characters.
The validation server logs indicate that the LDAP password is incorrect.
INFO "2017-10-27 08:22:11.236 GMT-0700" 0.0.0.0 MyVal:1814 0 0 "text=Access Denied 0x006b: Schema validation failed. (Error encountered during schema validation. Invalid element pin, top, or temporaryPassword values.), user=[xxxx], bizCont=off,reason=34
INFO "2017-10-27 08:22:11.236 GMT-0700" 0.0.0.0 MyVal:1814 0 0 "text=Sending Acces-Reject for user [xxxx] , reason=3; Incorrect LDAP Password." Thread-3955157872 VSAuthOTPStandardControllerImpl.cpp
AUDIT "2017-10-27 08:22:11.236 GMT-0700" 10.10.100.3 MyVal:1814 0 18870 "text=Access DENIED Incorrect LDAP Password. ,reason=3; Incorrect LDAP Password." Thread-3955157872 VSValidationEngine.c
By default, validation servers only support UTF-8 characters when configured in ULO mode (username + LDAP password + security code).
To allow additional non-UTF-8 special characters to be accepted and read correctly, the encoding on the validation server must be changed to ISO-8859-1.