Attempting to install Cisco Duo Security 2FA MFA in Windows Server using Active Directory Group Policy Objects GPO but didn't succeed on 29 April 2022 Friday

Subject: Attempting to install Cisco Duo Security 2FA MFA in Windows Server using Active Directory Group Policy Objects GPO but didn’t succeed on 29 April 2022 Friday

Good day from Singapore,

The following are the reference guides which I have followed.

Reference guide 1: Duo Authentication for Windows Logon (RDP) - Active Directory Group Policy
Link: Duo Authentication for Windows Logon (RDP) - Active Directory Group Policy | Duo Security

Reference guide 2: How to link a GPO to an OU?
Link: How to link a GPO to an OU

Reference guide 3: Windows SDK
Link: Windows SDK - Windows app development

Reference guide 4: Win MSI deploy via GPO fails
Link: Win MSI deploy via GPO fails

Reference guide 5: How to create and manage the Central Store for Group Policy Administrative Templates in Windows
Link: Create and manage Central Store - Windows Client | Microsoft Docs

Reference guide 6: Duo Authentication for Windows Logon and RDP (it’s important to enroll users before installation)
Link: Duo Authentication for Windows Logon and RDP | Duo Security

Reference guide 7: Group Policy Software installation fails - Error 1612
Link: https://community.spiceworks.com/topic/637438-group-policy-software-installation-fails-error-1612

I have created a Group Policy Object GPO to install Cisco Duo Security Group Policy MSI Installer in Windows Server 2012 R2 Datacenter, which is a domain member server, but it failed.

Here are the error messages from Event Viewer in Windows Server:

Windows failed to apply the Software Installation settings. Software installation settings might have its own log file. Please click on the “More information” link.

The install of application Duo Authentication for Windows Logon x64 from policy Deploy Duo Client to Windows server failed. The error was : %%1612

Is it possible that Cisco Duo Security Group Policy MSI installer is incompatible with Windows Server 2012 R2 Datacenter?

Is it possible that Cisco Duo Security Group Policy MSI installer can only be installed on domain member workstations like Windows 8, Windows 10 and Windows 11?

The following guide keeps mentioning domain member workstations for a total of 4 times.

Reference guide: Duo Authentication for Windows Logon (RDP) - Active Directory Group Policy

Link: Duo Authentication for Windows Logon (RDP) - Active Directory Group Policy | Duo Security

I have a 2nd question. If it is not due to incompatibility issue, could the installation error be due to file and folder names on the centralized software deployment share?

Deployment source: \fileserver1\d\Duo4.2.0\DuoWindowsLogon64.msi

Transforms: \fileserver1\d\Duo4.2.0\duo420-64.mst

I am wondering if the file and folder names listed above could present a problem.

I am looking forward to your replies.

Thank you very much.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Singapore
1st May 2022 Sunday

Subject: How to successfully install Cisco Duo Security 2FA MFA in Windows Server using Active Directory Group Policy Objects (GPO)

Dear all,

I have finally solved the problem on 4 May 2022 Wednesday morning in Singapore.

These are what you have to do.

Refer to the following guide.

Reference guide: Duo Authentication for Windows Logon (RDP) - Active Directory Group Policy
Link: Duo Authentication for Windows Logon (RDP) - Active Directory Group Policy | Duo Security

Create the 1st Group Policy Object (GPO) using the above guide, under the section “Creating the Duo Authentication for Windows Logon GPO”.

DO NOT create the 2nd Group Policy Object (GPO) under the section “Deploying Duo Authentication for Windows Logon to clients using Active Directory”. This is because Cisco Duo Group Policy MSI installer (.msi) is incompatible with and cannot install on Windows Servers. The MSI installer only installs on domain member workstations like Windows 8, Windows 10, and Windows 11.

Since my task is to install Cisco Duo client on Windows Server 2012 R2 Datacenter, I repeat, DO NOT create the 2nd Group Policy Object (GPO).

Download and install the Cisco Duo client (.exe) and follow the instructions from the following guide.

Reference guide: Duo Authentication for Windows Logon and RDP
Link: Duo Authentication for Windows Logon and RDP | Duo Security

That’s all. You have successfully installed Cisco Duo client on Windows Server 2012 R2 Datacenter, which is a domain member server.

I have figured out all of these on my own.

Thank you.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Singapore
5 May 2022 Thursday

1 Like

Thank you for following up to share the solution you found with the wider commuity! I’m glad you were able to get this resolved :smile: