Validation with a Symantec VIP token fails with error 4923: The OTP you provided is within the Sync window, but outside the Look Ahead Window. This operation requires a second consecutive OTP. authenticateUser status code 604A OTP out of sync
Symantec VIP credential IDs are synchronized with the VIP cloud when the credential ID is assigned to the app. If the time of the device clock drifts slightly ahead or behind, the VIP service will automatically synchronize the credential ID.
If the system clock drifts too far ahead or behind the automatic resynch window, but is within the acceptable threshold settings for a manual resynch, the VIP service responds with an 'invalid OTP'. Error 4923 is seen in the logs.
If the system clock drifts extremely ahead or behind, the credential cannot be synchronized and will fail consistently with an 'invalid OTP' error. Error 49b5 is seen in the logs.
Resetting the credential requires a resynchronization of the credential with 2 consecutive, unique security codes:
Important: Resynchronization should be performed after the system time has been corrected. Frequent 4923 errors can be an indicator of a drifting system clock.