Duo two-factor authentication for AWS Windows instances and on-premises AD

Set Up:

  1. AD is on premises; Duo AD integration is set up and working for on-premises Windows.
  2. Federation is not set up between AWS and on premises.
  3. Site-to-site VPN is set up between AWS and on premises.
  4. A Windows EC2 instance can be joined to the on-premises AD, and an AD user can log in to the AWS Windows machine.
  5. During the AD login process, the user does not get a push notification but still logs in to Windows.
  6. When the same user tries to log in to an on-premises Windows machine, he gets a push notification.

Are there any timeout settings?

Hi @johnfolia

A few things I’d probably check:

  • Is the Duo Windows Logon installed on the AWS Windows machine?
  • Check the Duo Admin Panel logs to see if you see any activity for the users that are being let into AWS.
  • Enable debug mode on the AWS Windows machine (see "Duo Authentication for Windows Logon and RDP: FAQ | Duo Security"). Once you’ve enabled it, do an auth and then check the log to see what it says.

If none of those help you track down the issue, I’d recommend reaching out to support so that they can help you get it running ASAP.