DUO Cert Proxy issue User name change


We have set up Trusted endpoint using the DUO Cert proxy, everything is pushed out/updated via a GPO when the user logs in.

Everything is working OK up until we had someone have a name change, the change in AD went well, we had to sync with DUO 2 times, once to remove the old username and then again to get the new one in. Re-added the 2FA device, everything worked great.

Then the apps that we have trusted endpoint turn on will not allow the user to get in(not a trusted endpoint). GPO to push the certificate is running, no Cert is showing up in CertMgr.

I even manually installed a windows cert, said it installed but no cert show up in CertMgr.

In AD we just changed the logon name and email address.

The weird part is if we turn everything back, still does not work.

Any idea, support is not much help.