Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2207
Views
0
Helpful
3
Replies

DUO RD Gateway app issues

Fayejaz
Level 1
Level 1

‎08-24-2020 08:24 AM

We have a small RDS 2019 “farm” and were running both the DUO RD web and RD gateway apps. Users were getting double prompted and we were ok with that. Then we began to see users (external to network since we bypass the rd gateway for internal connections) getting error messages like -

  • Remote Desktop can’t connect to the remote computer…
    We were also seeing this error -
  • The user on client computer did not meet the authorization policy requirements and was therefor not authorized to access the RD Gateway server.
    An event log error on the gateway server showed this (even though we knew they were enrolled) -
  • Error in Duo login for ‘xxxx\xxxx’: The username you have entered is not enrolled with Duo Security. Please contact your system administrator.

So, I uninstalled the DUO RD gateway app and users don’t see the “Remote Desktop can’t connect to the remote computer…” error.

Where can I start looking to troubleshoot the RD Gateway app?

Thanks in advance
Faye

0 Helpful
3 Replies 3

BabbittJE
Level 1
Level 1

‎09-01-2020 03:30 PM

I personally only use the DUO RD Gateway app because having both Web and Gateway is kind of redundant, which is why you are prompted twice. For internal users, we don’t get prompted at all. For external users, only the gateway prompts us. When a web is used, it downloads a custom RDP and that prompts DUO RD Gateway, anyways. Good luck with your design; I’ll keep an eye on this post should you have any further questions.

0 Helpful

DuoKristina
Cisco Employee
Cisco Employee

‎09-02-2020 06:03 AM

Error in Duo login for ‘xxxx\xxxx’: The username you have entered is not enrolled with Duo Security. Please contact your system administrator.

Are the users enrolled in Duo with their username as dddd\xxxx or as xxxx? The Username Normalization setting for Duo applications determines whether Duo attempts to match the username exactly as received or, if enabled, Duo drops any prefix or suffix to the username.

For our Microsoft applications, we default to normalization on, so when Duo’s service receives an RDG auth request for dddd\xxxx it drops the domain prefix and looks for an existing xxxx user.

If the user in Duo has the username dddd\xxxx and normalization is on it would fail to match the user xxxx and produce that error message.

If the user in Duo has the username xxxx and normalization is off it would also fail to match the user dddd\xxxx and produce that error message.

So for any users who were receiving that message, verify that their Duo usernames are a format that matches the normalization setting for your RDG app. If not, you can add the username in another format as an alias for that user from the user’s details page in Duo, for example username = dddd\xxxx and username alias 1 = xxxx.

Where can I start looking to troubleshoot the RD Gateway app?

Have you tried enabling and viewing debug output?

How do I enable debug logging for Duo Authentication?
How do I view additional log info for RD Gateway?

Duo, not DUO.
0 Helpful

Fayejaz
Level 1
Level 1
In response to DuoKristina

‎09-17-2020 05:28 AM

Sorry, just seeing this. Will try the suggestions and let you know how it works.

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents