Fall Creators Update (Version 1709) of Windows 10 breaks Duo for Windows Logon’s support for Microsoft Accounts


#1

Ever since Windows 10 decided to upgrade to the latest Fall Update, whenever I RDP into my computer the Duo login prompt does not load and it does not send the push notification. Thus I am unable to log in remotely. I have uninstalled and reinstalled with the latest version of Duo with no success.

Any ideas?


#2

I have the same problem, tried re-installing, and updating to latest version but nothing worked.


#3

I have the same issues after installing the fall 2017 update. I can only log in now after I uninstalled Duo.


#4

Same problem here. Just a login screen but no prompt. RDP works fine if 2FA is uninstalled.

Edit. A little more information on this. I was RDP’ing from Android using Microsoft’s RDP application. I haven’t tried to RDP from other platforms or another Windows computer. And when I said I would get the login screen, the login picture and mouse cursor display, but there’s not a “square box” to enter the logon password. Just a picture and that’s it.


#5

Hey everyone, thanks for bringing this to our attention. We are currently investigating this.


#6

Thanks! Is there a way for me to subscribe to notifications for when an update to the client gets pushed that resolves this? I guess I’ll probably get an email notification if more people post on this thread…


#7

Yes, you’ll get a notification for any additional posts in this thread. We’ll provide an update here as soon as one is available.


#8

I can confirm: I’m experiencing the same issue on two machines which recently had the latest Windows 10 feature update installed. RDP authentication works fine with the previous build of Windows 10.


#9

I’ve been using Windows 10 with Duo for several months. I just added it to a new machine and found that I get prompted for a password even after I’ve done the initial Windows account username and password (before the RDP connection launches). On my other systems I do not get a 2nd password prompt… it just does the Duo push automatically. I prefer Duo prompting automatically rather than having to enter my password again.

I made sure the 3rd check box was checked during the install.

Is this related to the Windows 10 Fall update?


#10

Hey @Nebb, have you looked into disabling printer redirection for RDP?

Also can you supply the build number of v1709 you are on?

Thanks


#11

Wanted to add another report where Duo’s RDP 2FA stopped working once I updated to the Windows 10 Fall Creators Update. I am on Win 10 Pro, Version 1709, Build 16299.19. But it’s happened on every version I’ve had for the Fall Creators Update going back 2 months. Imagine it should be easy to recreate. And therefore imagine every user you have will have this break when they update Windows. Have you been able to reproduce at Duo? Happy to help share if not?


#12

Hi all,

Do any of the affected systems have HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\dontdisplaylastusername set to 1?

If not, can someone try making the change (DWORD) to 1 and see if this resolves your issue? This change was known to fix issues logging in with a Microsoft account in Windows 10, so our Engineering Team is wondering if the new logon issue after the Fall update is similar.

Thanks!


#13

Hi

I have tried this and it does not work.

Can the engineering team not replicate this problem?


#15

My dontdisplaylastusername was set to 0 already - I assume that is what you were indicating changing the value to zero for testing?


#16

Sorry for the confusion. Could you please try changing the value to 1 for testing?

FYI @Nebb on the above as well. And indeed we are not able to replicate the problem internally. Efforts to do so are continuing, but this is a hard one to reproduce.


#17

Ok - I updated the registry value to 1, rebooted, reinstalled the Duo software. And the issue still occurs.

If you want to see what it looks like I can share the computer I’m trying to connect to so you can see it first hand via private message?


#18

I’m having the same problem and posted that earlier in this thread, but I thought of something else. I’m using a Windows Live login for logging into my PC instead of a local account. Not sure if this would make a difference for troubleshooting, or whether others are set up this way or not.


#19

Good thinking, Alan. I am also using a Windows Live account, or what I think they call Microsoft Accounts more generically, but not a local account anyway.

I also use a PIN for Windows Hello, but I turned that off as I thought it might be the conflict…


#20

Chiming in as I also have the same issue. Disabling printer forwarding does not work, nor does having dontdisplaylastusername set to 1. I’m also using a Windows Live account for signing in.

Reading about the type of account people in here are using, I decided to test a couple of things. Here are my findings:

Creating a local user account and using that RDP actually does bring up the Duo prompt. I enrolled this user and got push notifications to my phone. Thus, I can log in with the local user. Trying with my regular Windows Live account resulted in the same failure as previously: no Duo prompt. In fact, the login attempt does not even show in the Duo portal.

As the next step I logged in to the local user I just created but canceled the login. I’m now past the NLA CredSSP login provider and have an active RDP session with my host. I change accounts from the local user to my Windows Live account and log in with that, which does give me the Duo prompt and the push notification. I can now log into the host.

This leads me to believe that it has something to do with NLA and CredSSP, so I disable that on my host and create a .rdp file that has:
enablecredsspsupport:i:0

As I don’t have to authenticate before establishing the RDP session, I can now just put in my regular Windows Live account credentials and I get the Duo prompt and correlating push request to my phone. I am now able to log in again.

I’m pretty sure it has to do with NLA and the CredSSP provider but I can’t do more tests right now. I’ll get back to it later but I hope this helps you guys in troubleshooting and finding the issue.
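
The .rdp setting from post #20 and the printer-redirection question from post #10, as an added example that is not part of any post in this thread: a small parser for the .rdp "name:type:value" format that reports whether a client file has CredSSP (and therefore NLA pre-authentication) or printer redirection turned on. The sample file contents and the function names are constructed for illustration; redirectprinters is the standard .rdp setting for printer redirection and is not named in the thread.

```python
# Added example; SAMPLE_RDP is constructed, not taken from the thread.
SAMPLE_RDP = (
    "full address:s:host.example.test:3389\n"
    "enablecredsspsupport:i:0\n"
    "redirectprinters:i:1\n"
    "this line is malformed\n"
)

# Values the Remote Desktop client assumes when a setting is absent.
DEFAULTS = {"enablecredsspsupport": 1, "redirectprinters": 1}


def decode_rdp(data: bytes) -> str:
    """mstsc usually saves .rdp files as UTF-16 with a BOM; hand-made ones are often UTF-8."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("utf-8-sig")


def parse_rdp(text: str) -> dict:
    """Parse 'name:type:value' lines, where type is i (integer), s (string) or b (binary)."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)  # maxsplit keeps colons inside the value
        if len(parts) != 3 or parts[1] not in ("i", "s", "b"):
            continue  # blank or malformed line
        name, kind, value = parts
        if kind == "i":
            try:
                value = int(value)
            except ValueError:
                continue  # integer setting with a non-numeric value
        settings[name.strip().lower()] = value
    return settings


def triage(settings: dict) -> dict:
    """Summarise the two client-side settings the thread asks posters to vary."""
    merged = {**DEFAULTS, **settings}
    return {
        # With CredSSP off the client skips NLA and credentials go to the remote logon screen.
        "credssp_enabled": merged["enablecredsspsupport"] != 0,
        "printer_redirection": merged["redirectprinters"] != 0,
    }


if __name__ == "__main__":
    print(triage(parse_rdp(decode_rdp(SAMPLE_RDP.encode("utf-16")))))
```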


#21

I am also using a Microsoft account for authentication. @Dooley Have you tried adding a Microsoft account to your test machines?