I work for an MSP and we just came across this issue with a new client.
This issue has caused a lot of frustration for users as well as us, we spent weeks trying to find the cause only to eventually find out that Duo RDGW takes over the CAP/RAP policies and hard sets the timeout, and the only mention of this in the documentation on the site is a footnote under Testing!, this is something which SHOULD be hightlighted in the documentation at the top Before even reading anything else about the RDGW implementation.
The fact that this is still an issue 18 months after the last Duo RD Gateway update was released is rediculous.
The date on the RDGW installer is from April 2018, and we’re still being told by support that the only workaround is to remove it and install it on the RDS hosts.
We also asked about the inability for this “Recommended Solution” to support the “Authorized Networks” functionality and were basically told that they cannot advise on that as they dont know our network. What’s there to know, you’re talking about removing the app from RDGW and installing the RDS one, this isn’t complicated.
Very disappointing considering you guys developed these various implementations but can’t advise on how they actually work!
Needless to say I will NOT be recommending Duo to any future clients.