Solved: Duo Auth Proxy shows log "Connection to Duo service was intentionally closed."

andres.cornet · ‎12-02-2021

Hi,
I’ve deployed Duo Single Sign-On to protect VPN connections using 2 Linux Duo Authentication Proxies (a CentOS and an Ubuntu). The authentications sources are local Active Directories.

Everything is working fine, except that every 60’ to 70’, the DAPs look disconnected from Duo Admin Portal. However, when I run the authproxy_connectivity_tool all tests are performed correctly. From the DAPs perspective connectivity is OK, but from the Admin Portal they are disconnected.

In the authproxy.log I can see the following:

2021-12-02T11:25:47.030258-0300 [duoauthproxy.lib.log#info] Connection to Duo service was intentionally closed.
2021-12-02T11:25:47.030661-0300 [duoauthproxy.lib.log#info] DRPC Disconnected: Missed pings for 657 seconds, maximum 600 seconds allowed.
2021-12-02T11:25:47.030779-0300 [duoauthproxy.lib.log#info] (Re)connecting to service…
2021-12-02T11:25:47.031101-0300 [duoauthproxy.lib.log#info] http GET to https://sso-ceb99dd6.sso.duosecurity.com:443/drpc/v1/ping:
2021-12-02T11:25:47.034808-0300 [duoauthproxy.lib.http._■■■■■■■■■■■■■■■■■■■■#info] Starting factory <_■■■■■■■■■■■■■■■■■■■■: b’https://sso-ceb99dd6.sso.duosecurity.com:4
43/drpc/v1/ping’>
2021-12-02T11:25:47.035683-0300 [duoauthproxy.lib.log#info] Connection lost to SSO: [Failure instance: Traceback (failure with no frames): <class ‘twisted.internet.erro
r.ConnectionLost’>: Connection to the other side was lost in a non-clean fashion: Connection lost.
]
If I restart the service or wait about 10 minutes, it reconnects. But both proxies fail at the same time, so I’ve constant service disruption. Has somebody faced this issue?

andres.cornet · ‎12-21-2021

I finally got to the solution.

I have a pair of FTDs firewalls between the proxies and the internet that were messing with the connection. Once I set a rule on the prefilter to Fastpath connections from the proxies to the internet, it stopped disconnecting.

I can’t understand what were they doing to close the connection, since I was not performing any inspection to the DAPs (the rule on the ACP was set to Trust).

Hope this helps anyone!

View solution in original post

jamieis · ‎12-02-2021

Hey @andres.cornet,

Thanks for reaching out about this issue. It appears that the Authproxy is having trouble connecting. I’d make sure that from those hosts you can successfully connect to https://sso-ceb99dd6.sso.duosecurity.com/drpc/v1/ping.

Sounds like your boxes might have some intermittent connection issues. Is there any outbound proxy that could be disrupting traffic?

I’d recommend reaching out to our support team so we can collect the proper logs and get you up and running again Duo Customer Support | Duo Security.

andres.cornet · ‎12-02-2021

Hi @jamie

Thanks for the quick answer.

Yes, actually I’ve opened a case but I haven’t had any response for the past 3 days. That’s why I looked into the community for some help.

Regarding the connectivity between the DAPs and that URL, I’ll go ahead and leave a continuous ping to check if there is any long time disruption. Only to have some strong evidence, ut I’m positive there is full connectivity.

Regards,

andres.cornet · ‎12-21-2021

I finally got to the solution.

I have a pair of FTDs firewalls between the proxies and the internet that were messing with the connection. Once I set a rule on the prefilter to Fastpath connections from the proxies to the internet, it stopped disconnecting.

I can’t understand what were they doing to close the connection, since I was not performing any inspection to the DAPs (the rule on the ACP was set to Trust).

Hope this helps anyone!