MFA for RDP on windows 7


#1

Hi,
I created a duo web portal login and defined a policy to accept individual users.
I installed duo agent on windows 7 and added the key while installing it.
Added RDP application to get it protected with 2 FA.
I rebooted windows 7 machine.
I created a user on windows 7 machine. When I tried to login to the machine via RDP, 2 FA auth is not working.
It is allowing me to login with usual user id / password used for windows

Please help me

Thanks
Sugunakar


#2

Did you create a Duo user with the same username as the Windows 7 user account? Take another look at the steps outlined here.


#3

Hii created same user id John on both duo portal and on local system.
Same password is set as well.

Added rdp as service in duo portal.

Installed duo on server with keys.

When I try to login to machine via rdp, it just allows me to login with username and password. It’s not asking for two factor authentication like SMS code etc.

Please help me

Thanks

Sugunakar


#4

created same user id John on both duo portal and on local system.
Same password is set as well.

Duo administrator accounts are distinct from Duo end user accounts. You mention setting the same password for the “John” user in the Duo Admin Panel, but Duo end users don’t have passwords in Duo so I wonder if…

  • “John” is a Duo administrator account.
  • The New User policy applied to your Duo RDP application is set to allow access to unenrolled users. When this is set and a user logs on to the system with a username that doesn’t exist in Duo, that user isn’t prompted for 2FA.

Please verify that the “John” account exists as a Duo end user.

  1. Log in to the Duo Admin Panel and click Add New > User.

  2. Enter the same username from the Windows system.

  3. Assign a phone or other 2FA device to that new user.


#5

Hi ,

Thanks for your response.

I am sharing the screenshot of my setup.

I have added a user(vnair) as local desktop user in a windows 10 system where I installed the duo application.

I enabled RDP and protected it with 2 factor authentication on portal and added a user policy. Added a user vnair in the portal and enabled 2 factor auth.

When I try to RDP to the windows 10 machine with vnair user ID by using mstsc command, it does not prompt for 2 factor.

After user , password it allow me to login.

Please help me to fix this

If you need, I can come online to give demo of the issue.

Thanks

Sugunakar


#6

Hi,

I made a mistake in configuration.

I was using hex for prox port and because of which internet connectivity failed for duo application

once I changed it, it started working

Thanks

Sugun