01-27-2020 08:44 AM
When an end-user’s Active Directory password expires, the Duo Auth client for Windows seems to do several odd things. Here’s the scenario:
The user’s password has expired in AD.
Upon login to their computer, the Duo Auth client for Windows prompts them to create a NEW “offline login” method.
Clicking the “Enroll later” option returns the user to the login screen, where a message of “Your password has expired and must be changed” appears.
The user proceeds with the password change, but is given an “Access is denied” message.
If an administrator forcibly resets their password AND the user reboots their computer, things begin to work correctly again.
Could the Duo Auth Client for Windows be made to handle expired AD passwords more gracefully? …or do we have something misconfigured?
Thank you for any help!
Dan.
01-28-2020 07:14 AM
What’s the application?
01-29-2020 03:50 PM
Duo Authentication for Windows Logon and RDP
02-11-2020 03:01 PM
Are these users already enrolled?
02-12-2020 10:37 AM
Yes. They were enrolled with Duo and using their laptops which had the Windows Auth client installed. They’d forgotten to change their passwords which subsequently expired.
02-20-2020 11:54 AM
@nacho what version of Duo for Windows do your clients have installed? A bug with password change and Offline Authentication was fixed in version 4.0.6. Consider updating to the latest version, and subscribe to Release Notes to learn about new application versions and other changes to Duo.