OTP enabled - user can no longer login to userportal

Seems like the OTP is not correct. 

Check the access_server Log on the CLI or check the time date of OTP. Also check the time of the device. 

from my understanding before OTP is configured for the user, the user needs to log into userportal and scan the QR code there.

problem here: he cannot get to the portal to do that

time is correct

MESSAGE   Dec 20 15:42:52.109171 [OTP_AUTH]: (otp_handle_complete_password_success_request): REJECT4 for user testuserotp (user didn't use OTP, auto-creation of tokens is not enabled)
ERROR     Dec 20 15:42:52.109253 [access_server]: check_auth_result: VPN/SSLVPN/MYACC Authentication Failed

from my understanding before OTP is configured for the user, the user needs to log into userportal and scan the QR code there.

problem here: he cannot get to the portal to do that

time is correct

MESSAGE   Dec 20 15:42:52.109171 [OTP_AUTH]: (otp_handle_complete_password_success_request): REJECT4 for user testuserotp (user didn't use OTP, auto-creation of tokens is not enabled)
ERROR     Dec 20 15:42:52.109253 [access_server]: check_auth_result: VPN/SSLVPN/MYACC Authentication Failed

If you disable auto-creation, they cannot create the OTP token. 

:-) that's true

MESSAGE   Dec 20 16:22:15.234791 [OTP_AUTH]: (otp_handle_complete_password_success_request): Will present QR-Code in User Portal UI1 to user testuserotp for scanning

it's working with the sophos authenticator app. we're testing also the yellow REINER SCT TOTP G1 token generators. when scanning the QR code with it, it's not generating a new entry just skips over to an existing account. do you know something about that?

problem with the REINER token generator has has been fixed by the new firmware https://www.reiner-sct.com/update-authenticator which is a firmware update by watching a youtube video ^^