2FA with OTP broken after restoring from Backup

I moved my Discourse from my personal PC to an “always on” Server, both in the same network. Created a fresh docker with discourse and then restored the backup as shown here: Restore a backup from command line

Everything is fine but login for users who activated 2FA with OTP. I’m using AndOTP on Android and the OTP was no longer valid. Also, creating a new 2FA-Token is impossible, because the token created by the app is not accepted by Discourse. So somehow, even tho I just scanned the QR-Code, the created token is no longer correct.

I assume I did something wrong?

1 Like

To narrow down the problem: I have just tried securing my account with a Yubikey, and that worked just fine.

It’s only OTP.

1 Like

Have you tried deleting the OTP records before recreating new ones? See this post for help Disable 2FA via console - howto / sysadmin - Discourse Meta


No, I didn’t - so thank you for that. I had helped myself by creating a new admin user and logging in as this user and using the web interface to disable 2FA for the affected users.

I have now followed your link (thank you for that) and it worked insofar that my 2FA with a YubiKey has been disabled.

But using 2FA with OTP again? No. I can’t add an authenticator app, because after scanning the QR-Code, the generated token is not valid. Which was NOT a problem on the original instance.

Oh, I haven’t seen this recently, what version of Discourse are you currently running?

maybe some time discrepancy between server and client ?


Both versions (source of the backup and the system the backup was restored to) are 2.8.0.beta1

I will check that tomorrow - I don’t have access to the system today. That might be the problem, but I’m reasonably sure that ntp is active and should correct the internal clock of the server.


You were right, that solved my problem. While ntp was installed, the time discrepancy was so large that ntp was no longer correcting it. I have now forced the sync and OTP works again.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.