In my GitLab I need to enable my 2FA to continue using the service. But when I’m trying to add the 2FA it is only giving me an invalid PIN. Please check my screenshot (I removed sensitive data):
Well, it turns out that the code generator app on my phone didn’t have the time correctly synced. You can fix that by either checking whether your device has the time correctly synced, or checking the configuration in the Authenticator app and forcing it to sync via Settings -> Time correction for codes.
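An added example (not part of the original posts, and not GitLab's code): an RFC 6238 TOTP generator and verifier showing why a phone clock that is a few minutes off produces "Invalid PIN", and how to measure the skew from a code the phone displays. The secret is the RFC 6238 test key, and the acceptance window of one 30-second step either side is an assumption, not a documented GitLab value.

```python
import base64, hashlib, hmac, struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)
# RFC 6238 test key "12345678901234567890" in base32 (sample value, not a real secret)
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32, unix_time, digits=6):
    """Code an authenticator app shows when its clock reads unix_time."""
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    counter = struct.pack(">Q", int(unix_time) // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32, code, server_time, drift_steps=1):
    """Server-side check: accept codes from +/- drift_steps time steps (assumed window)."""
    return any(
        hmac.compare_digest(totp(secret_b32, server_time + k * STEP), code)
        for k in range(-drift_steps, drift_steps + 1)
    )

def estimate_skew(secret_b32, code, server_time, search_steps=120):
    """Find the nearest time step that yields `code`; return the client clock
    skew in seconds (multiple of STEP), or None if nothing within the search
    range matches (wrong secret or mistyped code rather than clock drift)."""
    for k in sorted(range(-search_steps, search_steps + 1), key=abs):
        if hmac.compare_digest(totp(secret_b32, server_time + k * STEP), code):
            return k * STEP
    return None

if __name__ == "__main__":
    server_now = 1111111109          # constructed server clock
    phone_now = server_now + 300     # constructed phone clock, 5 minutes fast
    code = totp(SECRET, phone_now)
    print("code from phone:", code)
    print("accepted by server:", verify(SECRET, code, server_now))
    print("estimated phone skew (s):", estimate_skew(SECRET, code, server_now))
```

If `estimate_skew` returns `None` for a code read straight off the phone, the clock is not the cause and the secret enrolled in the app does not match the one the server holds.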
Hello, I have the same issue. Is there a fix for it? I cannot add 2FA to our GitLab Community account, it always tells me “Invalid Pin”.
It is not a timeout of the PIN number or related to the authenticator.
Any suggestions?
Hi @executable! You may have already tried this, but I think you should reach out to support@gitlab.com. Our experts take on login cases all the time and I bet they can help!
Once you get all sorted, please come back here and share what you’ve learned! Thanks!
If we can get it registered with a different App, this indicates there’s not a problem registering 2FA on server, but there’s likely a problem with your OTP app.
If other users are experiencing this same problem on your GitLab server, or if switching to using a different OTP app doesn’t work, I suggest checking the logs for any relevant error messages. An easy way to do this would be to run sudo gitlab-ctl tail on the GitLab server and then duplicate the problem by entering your OTP pin code and clicking “Register”. If it’s failing at the system or instance level, I’d expect to see some relevant errors in the logs that we can use to troubleshoot further.
I am also experiencing the same problem. Last Friday I had to remove 2FA from all our users due to a regression which was patched on Saturday. Unfortunately, I am now seeing an error when trying to re-establish TOTP.
I have tried MS Authenticator and andOTP, and confirmed that NTP is working properly on the on-prem GitLab server and my phone.
I tried running the above tail command, but I did not see anything relevant. It’s possible I missed something as it’s very noisy, but nothing stood out. Searching for my username only showed some GET requests, not any POSTs which failed.
Is there any place to look for more useful debugging information?
I had exactly the same problem. I searched online and the only identical issue I’ve found was yours. You were everywhere: Stack Overflow, Server Fault and here, on GitLab.
I am pretty sure this is a bug on GitLab’s side.
My use-case is:
deployed GitLab
activated 2FA enforcement
users activated 2FA
added 2FA for root and a few hours later deactivated it
I did not activate root’s 2FA because I was waiting for a Bitwarden deployment
signed in again on my GitLab instance, after the grace period of 48h to activate 2FA & bam. I was stuck on the activation page with invalid pin code.
I was about to remove 2FA for each user using: sudo gitlab-rake gitlab:two_factor:disable_for_all_users but I was pretty sure that would fail due to the enforcement.
So I upgraded GitLab to the latest version and started forensics in its database (PostgreSQL).
sudo gitlab-rails dbconsole
gitlabhq_production=> \x on
Expanded display is on.
gitlabhq_production=> select * from application_settings;
[...]
require_two_factor_authentication | t
two_factor_grace_period | 48
[/...]
This is what we are looking for. I tried: UPDATE application_settings SET require_two_factor_authentication = 'f' WHERE id=1;
Restarted the GitLab instance and it worked like a charm.
I was able to log in, navigate my GitLab instance/administration, activate a 2FA login and reactivate/disable 2FA enforcement to be sure GitLab cleans up any problem I would have created in the database.
And then I registered on this forum to help you because I saw you seem to have been stuck on that for a long time. Please excuse my bad English, I’m pretty tired.
Hi, I’m having a related issue, I’m not sure if it’s the same though. Was every account on your server affected, or only that root account? I have an issue where some users can set up 2FA fine, others get invalid pin errors.