Duo on RD Gateway causing timeout after 8 hours. What should we do?

Hope you all are well.
Hey, is it that hard to update your DUO clients roughly when this issue can be sorted out or at least planned so we can get back to our clients and get them to be calm down?

As a sys admin, keep thinking why why why 8 hours and why hard coded with thinking and trying to believe there should be very reasonable REASON behind but still do not understand.

Hope we can get some info about your plan.

Thank you.

I just had an user tell me she keeps getting disconnected everyday, even in the middle of typing, usually 3:30 PM (she signs in 7:30 PM). So, it does indeed appear that Duo disconnects our gateway every 8 hours, overriding my RDS values. Is there yet a fix for that? We’re still working from home and still need Duo. I’d hate to swap Duo for another product; too much work to switch.

Joining in the chorus… This seems needlessly painful, please allow us to admin our own systems.

This issue is driving our staff crazy. As stated numerous times by others, the plug is pulled on the session mid-keystroke at 8 hours exactly. Please give us a way to change this default value.

We have been using DUO on RD Gateway forever and have run in to this exact issue a couple of times.

There is a ‘hidden’ regkey which defines this value. I am not sure why DUO support is not able to inform about this. Anyway, on to the details. This should help you guys out

Open regedit on the RD Gateway server and browse to:
HKEY_LOCAL_MACHINE\SOFTWARE\Duo Security\DuoTsg

Create new DWORD named ‘AuthorizedSession_MaxDuration’ with a value of 000003c0 (16 hours)

000003c0 equals 960 minutes which is 16 hours. Offcourse you are free to use what you wish here.

6 Likes

@mark003

You are a brave soul posting this. This worked. We’ve had zero issues in the last week because of this. Thank you so much. You’ve been more help in one reply than Duo has been in almost two years.

3 Likes

In light of COVID-19 and the exponential rise we’ve seen in RDGateway usage, we have updated our Knowledge Base article to include the necessary keys to edit the Max Sessions and Idle Timeout values. These options are still unsupported, but have been tested against Microsoft Server 2012R2 through Server 2019, so please utilize them at your own risk.

We know this has been a long-requested option that has gone unaddressed, and we hope offering these keys as an unsupported option will help improve your experience with Duo, but publishing these keys still does not live up to the expectation we’d like to offer around RDG. Hopefully this helps today and we’ll update the community with additional information we have to share around the future of RDG.

If you have any feedback please DM me here or reach out to me via email at pknight@duo.com

Thanks,

Patrick

3 Likes

All I can say is thank you very much. You’re going to save the frustration of many of your customers.

+2 for releasing the information to the community, even if “unsupported”.
-1 for the drama in getting here.

We’ve been using the registry fix since early March* on multiple Windows Server 2019 Brokers without incident. Your experience could differ due to so-called quality issues but I wish you the best of luck, hopefully Duo refines this element of the RDGateway solution in the coming months.

(* thanks to those Darknet-style ninjas for looking after the community, +5 for you.)

#StaySafe

2 Likes