Solved: Duo Auth Proxy - AD is not working

Report Inappropriate Content · ‎09-02-2021

I have an installation with Duo Auth Proxy which connects to AD for retrieving users.
A couple of days ago it stopped working and I’m now getting error messages in the authproxy log.

It says: - Failed to communicate with any Active Directory server.
- Initial LDAP bind to AD failed: invalidCredentials
- Primary credentials rejected

I have double checked the username and password in AD but I still cannot figure out what causes the problem/errors.

Any suggestions?

Report Inappropriate Content · ‎09-08-2021

Hi.

I found the problem by using the authproxy_connectivity_tool.
Was some traffic that was blocked by the firewall.
Works perfectly now.

View solution in original post

robnicholson · ‎09-02-2021

I’ve just received a very confusing email from Duo saying that our AD Sync has stopped working. Which is news to me as I wasn’t aware we were using AD Sync (we’re not AFAIK). I’m directed to this console:

lkeyes1 · ‎09-02-2021

@robnicholson – I have received the same message, now three times. When I look at my Directory Sync page, I note that there appear to be three bogus directory entries for AD, in addition to the one genuine entry for our actual AD sync. The three bogus entries are labeled AD, AD(2) and AD(3), and I’m not sure how they got there (!)

robnicholson · ‎09-02-2021

Sounds like Duo are having a bad day…

lkeyes1 · ‎09-02-2021

@sindreh

One thing you might try is to run the authproxy_connectivity_tool.exe located on your authproxy server in C:\Program Files\Duo Security Authentication Proxy\bin folder. This should verify connectivity between DUO / AD and the authproxy.

Let us know.

DuoKristina · ‎09-07-2021

@lkeyes @robnicholson Those emails were sent to admins who had created a directory sync configuration but then did not actually configure any groups in the sync. We are sorry for any confusion this may have caused (feedback showed that some admins did not recall creating the syncs with incomplete configuration in the first place).

If you aren’t using those syncs and have no plan to complete setup for them, you should delete them.

These emails are unrelated to the OP’s posted issue. Using the connectivity tool is a good suggestion, so thank you @lkeyes! However, if the issue is with authentication to AD the connectivity tool output is likely to show the same auth failure already shown in authproxy.log.

@sindreh There are some suggestions you can work through in this KB article: Why were my Active Directory server credentials rejected when configuring Directory Sync?. If these don’t help you resolve the issue feel free to contact Duo Support for 1:1 troubleshooting.

Duo, not DUO.

robnicholson · ‎09-07-2021

That certainly applies to me! All I setup AFAIK are these two applications:

Does this infer some kind of directory replication?

DuoKristina · ‎09-07-2021

No, directory sync configs are totally distinct from protected applications and creating one does not also create the other.

Duo, not DUO.

Report Inappropriate Content · ‎09-08-2021

Hi.

I found the problem by using the authproxy_connectivity_tool.
Was some traffic that was blocked by the firewall.
Works perfectly now.