That's an interesting observation, and unfortunately I don't believe there is a way to alter the NotBefore value. I'd offer up the following suggestions:
-
Coordinate time between sites. I'm surprised that someone isn't already having issues with time, given its criticality within other protocols and functions in a typical datacenter. UTC time sources are abundant, so there's rarely a reason not to be in sync.
-
Contact support and open a case. Indeed, the Oasis specification doesn't make any mention of dependencies between IssueInstant and NotBefore, and I've seen examples of them being different.