Only the system account is allowed to retreive the token (since it is the user's primary
access token). So my question is are you retreiving the token as system or as user/administrator?
PS: see my post above, maybe you can revert to the original code?