05-02-2022 07:31 AM
Subject: Attempting to install Cisco Duo Security 2FA MFA in Windows Server using Active Directory Group Policy Objects GPO but didn’t succeed on 29 April 2022 Friday
Good day from Singapore,
The following are the reference guides which I have followed.
Reference guide 1: Duo Authentication for Windows Logon (RDP) - Active Directory Group Policy
Link: Duo Authentication for Windows Logon (RDP) - Active Directory Group Policy | Duo Security
Reference guide 2: How to link a GPO to an OU?
Link: How to link a GPO to an OU
Reference guide 3: Windows SDK
Link: Windows SDK - Windows app development
Reference guide 4: Win MSI deploy via GPO fails
Link: Win MSI deploy via GPO fails
Reference guide 5: How to create and manage the Central Store for Group Policy Administrative Templates in Windows
Link: Create and manage Central Store - Windows Client | Microsoft Docs
Reference guide 6: Duo Authentication for Windows Logon and RDP (it’s important to enroll users before installation)
Link: Duo Authentication for Windows Logon and RDP | Duo Security
Reference guide 7: Group Policy Software installation fails - Error 1612
Link: https://community.spiceworks.com/topic/637438-group-policy-software-installation-fails-error-1612
I have created a Group Policy Object GPO to install Cisco Duo Security Group Policy MSI Installer in Windows Server 2012 R2 Datacenter, which is a domain member server, but it failed.
Here are the error messages from Event Viewer in Windows Server:
Windows failed to apply the Software Installation settings. Software installation settings might have its own log file. Please click on the “More information” link.
The install of application Duo Authentication for Windows Logon x64 from policy Deploy Duo Client to Windows server failed. The error was : %%1612
Is it possible that Cisco Duo Security Group Policy MSI installer is incompatible with Windows Server 2012 R2 Datacenter?
Is it possible that Cisco Duo Security Group Policy MSI installer can only be installed on domain member workstations like Windows 8, Windows 10 and Windows 11?
The following guide keeps mentioning domain member workstations for a total of 4 times.
Reference guide: Duo Authentication for Windows Logon (RDP) - Active Directory Group Policy
Link: Duo Authentication for Windows Logon (RDP) - Active Directory Group Policy | Duo Security
I have a 2nd question. If it is not due to incompatibility issue, could the installation error be due to file and folder names on the centralized software deployment share?
Deployment source: \fileserver1\d\Duo4.2.0\DuoWindowsLogon64.msi
Transforms: \fileserver1\d\Duo4.2.0\duo420-64.mst
I am wondering if the file and folder names listed above could present a problem.
I am looking forward to your replies.
Thank you very much.
Regards,
Mr. Turritopsis Dohrnii Teo En Ming
Singapore
1st May 2022 Sunday
Solved! Go to Solution.
05-05-2022 07:40 AM
Subject: How to successfully install Cisco Duo Security 2FA MFA in Windows Server using Active Directory Group Policy Objects (GPO)
Dear all,
I have finally solved the problem on 4 May 2022 Wednesday morning in Singapore.
These are what you have to do.
Refer to the following guide.
Reference guide: Duo Authentication for Windows Logon (RDP) - Active Directory Group Policy
Link: Duo Authentication for Windows Logon (RDP) - Active Directory Group Policy | Duo Security
Create the 1st Group Policy Object (GPO) using the above guide, under the section “Creating the Duo Authentication for Windows Logon GPO”.
DO NOT create the 2nd Group Policy Object (GPO) under the section “Deploying Duo Authentication for Windows Logon to clients using Active Directory”. This is because Cisco Duo Group Policy MSI installer (.msi) is incompatible with and cannot install on Windows Servers. The MSI installer only installs on domain member workstations like Windows 8, Windows 10, and Windows 11.
Since my task is to install Cisco Duo client on Windows Server 2012 R2 Datacenter, I repeat, DO NOT create the 2nd Group Policy Object (GPO).
Download and install the Cisco Duo client (.exe) and follow the instructions from the following guide.
Reference guide: Duo Authentication for Windows Logon and RDP
Link: Duo Authentication for Windows Logon and RDP | Duo Security
That’s all. You have successfully installed Cisco Duo client on Windows Server 2012 R2 Datacenter, which is a domain member server.
I have figured out all of these on my own.
Thank you.
Regards,
Mr. Turritopsis Dohrnii Teo En Ming
Singapore
5 May 2022 Thursday
05-05-2022 07:40 AM
Subject: How to successfully install Cisco Duo Security 2FA MFA in Windows Server using Active Directory Group Policy Objects (GPO)
Dear all,
I have finally solved the problem on 4 May 2022 Wednesday morning in Singapore.
These are what you have to do.
Refer to the following guide.
Reference guide: Duo Authentication for Windows Logon (RDP) - Active Directory Group Policy
Link: Duo Authentication for Windows Logon (RDP) - Active Directory Group Policy | Duo Security
Create the 1st Group Policy Object (GPO) using the above guide, under the section “Creating the Duo Authentication for Windows Logon GPO”.
DO NOT create the 2nd Group Policy Object (GPO) under the section “Deploying Duo Authentication for Windows Logon to clients using Active Directory”. This is because Cisco Duo Group Policy MSI installer (.msi) is incompatible with and cannot install on Windows Servers. The MSI installer only installs on domain member workstations like Windows 8, Windows 10, and Windows 11.
Since my task is to install Cisco Duo client on Windows Server 2012 R2 Datacenter, I repeat, DO NOT create the 2nd Group Policy Object (GPO).
Download and install the Cisco Duo client (.exe) and follow the instructions from the following guide.
Reference guide: Duo Authentication for Windows Logon and RDP
Link: Duo Authentication for Windows Logon and RDP | Duo Security
That’s all. You have successfully installed Cisco Duo client on Windows Server 2012 R2 Datacenter, which is a domain member server.
I have figured out all of these on my own.
Thank you.
Regards,
Mr. Turritopsis Dohrnii Teo En Ming
Singapore
5 May 2022 Thursday
05-11-2022 10:46 AM
Thank you for following up to share the solution you found with the wider commuity! I’m glad you were able to get this resolved
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: