If the VA is setup with MFA and the account is locked out e.g. if authenticator app is lost, the secret can be reset.
Log into the VA console over ssh
Local Administrator account:
Use each command to disable MFA for the account.
mysql
use cristie;
update users set mfatype=null where id=1;
If another local user:
MFA can be disabled by an Administrator in User Management
Select the burger next to the account / Remove User MFA
Ask the user to log in again.
When setting up the TOTP again for the local administrator account, if you get the below:
Run the command to remove the secret.
mysql
use cristie;
mysql -e “use cristie; delete from usersmfasecrets where userid=1;”