Microsoft RRAS with Duo Mobile problem

Hi everyone,

I’m testing to set up MFA with DUO Mobile on my VPN server.

Everything works with a normal SSTP connection.

Here is my configuration :

1x : Windows 2019 server : RRAS with (SSTP protocol) (
1x: Windows 2019 server: NPS/Radius (
1x: Windows 2019 server: Duo Proxy service (

When I try to connect my VPN client, I get the following messages in the logs:

2020-11-10T16:57:51+0100 [duoauthproxy.lib.log#info] Duo Security Authentication Proxy 5.1.0 - Init Complete
2020-11-10T16:57:51+0100 [-] RadiusClient starting on 55744
2020-11-10T16:57:51+0100 [-] Starting protocol <duoauthproxy.lib.radius.client.RadiusClient object at 0x000001957A1563D0>
2020-11-10T16:58:30+0100 [duoauthproxy.lib.log#info] Sending request from to radius_server_auto
2020-11-10T16:58:30+0100 [duoauthproxy.lib.log#info] Received new request id 4 from ('', 52047)
2020-11-10T16:58:30+0100 [duoauthproxy.lib.log#info] (('', 52047), fidmc\mdm-user1, 4): login attempt for username 'fidmc\\mdm-user1'
2020-11-10T16:58:30+0100 [duoauthproxy.lib.log#info] Sending request for user 'fidmc\\mdm-user1' to ('', 1812) with id 38
2020-11-10T16:58:30+0100 [duoauthproxy.lib.log#info] Got response for id 38 from ('', 1812); code 3
2020-11-10T16:58:30+0100 [duoauthproxy.lib.log#info] (('', 52047), fidmc\mdm-user1, 4): Primary credentials rejected - No reply message in packet
2020-11-10T16:58:30+0100 [duoauthproxy.lib.log#info] (('', 52047), fidmc\mdm-user1, 4): Returning response code 3: AccessReject
2020-11-10T16:58:30+0100 [duoauthproxy.lib.log#info] (('', 52047), fidmc\mdm-user1, 4): Sending response

Here is my authproxy.conf file:

secret key=XXXXXXXX

service_account_username=FIDMC\Administrateur (for test)


I also get error 812 in the client’s Event Viewer.

Does anyone know where the error could come from?

Thank’s in advance.

Hi @Frederic_Viatte, just a heads up that I edited your post to remove your secret key and RADIUS secret. These are unique to your application and account and should be kept private. They should never be shared publicly :slight_smile:

I noticed in your config file under [radius_server_auto] you have the client listed as client=client_radius when it should be radius_client instead. Try fixing that and see if it resolves the issue!

Something else I looked into was the error code Primary credentials rejected - No reply message in packet in your AuthProxy log. This help article says to set pass_through_all=true under radius_client to resolve this. However, I see in your config that you have done so already, so that shouldn’t be a problem.

Give my suggestion a try, and if you’re still encountering trouble, I recommend reaching out to Duo Support for further troubleshooting and help.

Thank you for your quick response!

Thanks for correcting the post, I’ll know for next time :upside_down_face:

Then indeed the radius_client line was already configured right. I made a mistake in the post.

Here is a quick schematic of the current configuration.

Hopefully it will help to solve the problem.

Thank’s in advance.