many thanks for your answer. Our Moodle store the token for the user, that is all correct.
We use to the config setting $CFG-> disablelogintoken = true; maybe this is our problem?
On our test system is everything ok, the same version and the same settings.
Or could it be, the other server configuration behind a proxy?