Issue
After performing an instance clone, users may not be able to login in the target instance, due to invalid MFA configuration values. The misleading error ‘Username or password not valid’ may appear.
Cause
When the clone is complete, the table 'user multifactor auth' from the source Instance is copied over to the target Instance. After the clone, the target could have incorrect source values and Multi Factor secret values. This must be preventing users from using MFA to log in.
Resolution
There are two ways to prevent the issue before cloning.
Method #1 (recommended)
Before performing the clone, manually add the table 'user_multifactor_auth' to the Clone Preservers / Exclude table + the Preserve Data table in the source instance:
- Login in the source instance
- Go to the "clone_data_exclude" table (in the filter navigator type in clone_data_exclude.list), click "New"
- Add "user_multifactor_auth" and save
- Go to the "clone_data_exclude" table:
- Ensure 'Include in System Clone' column is set to true
- Ensure 'Default' column is set to true
- Go to the clone_data_preserver table (in the filter navigator type in clone_data_preserver.list), click "New"
- Add "user_multifactor_auth" and save
- Go to the clone_data_preserver table
- Ensure 'Include in System Clone' column is set to true
- Ensure 'Default' column is set to true
Note: If role-based MFA is enabled, repeat steps 1-9 to also add the following tables to exclusions and preservers:
- multi_factor_criteria
- multi_factor_role
If using method 1, MFA should work as it did prior to the clone.
Method #2
Export the records from the table(s) as XML before cloning, and then import the XML into the target instance after the clone. Remember this import XML activity is only possible if the local admin user can login to the target instance after the clone.
Resetting MFA after cloning
If issues persist, you can use the procedure in this video to reset the MFA.
