Solved: New to Duo, how to login on RDP

HTS1 · ‎02-27-2020

Hi,

I’m very new to Duo. I’m looking for a second factor for RDP sessions.

So I just created my first Duo Account with my e-mail address and my phone number. Now I can login to the admin panel - getting the 6-digit code on my phone within the Duo-App.

First I created a user (manualy) just by giving a name (the same name as the RDP-user). After this I added a Phone to this new user. The given phone is my own phone… the same phone that I use for the admin account.

In the last step I added an RDP application. Now I have “Microsoft RDP” with keys and hostname. I downloaded the software, installed it on my Windows Server 2019 and did the first try.

With my RDP-Login there comes up the new Duo-Screen. I was asked for the code. So far so good.
Unfortunately, the code from my phone didn’t work. I guess it’s because I’m the admin and a user at the same time?
Because several 6-digit codes from the Duo-App didn’t work I requested a code via SMS. A few moments later my phone recieved the SMS and the given code worked fine. I was able to login to my RDP-Server.

So the SMS on my own phone worked but the code inside the Duo-App on the same phone didn’t.

What do I have to change?

In my Duo-App I have only 1 account. This account is a “Duo Admin”… but it has the username of my manualy added user. I guess this is the issue.

Kind regards
Thomas

mkorovesisduo · ‎02-27-2020

Hi Thomas, Duo administrator accounts are different from Duo end-user accounts. This Knowledge Base article lays out the differences.

You will need a Duo administrator account to manage your Duo “deployment” via the Duo Admin Panel (where you created the RDP application) and a Duo end-user account to log in to Duo-protected applications.

It sounds like you were generating a code for access to the Admin Panel and that’s why it did not work for accessing your Windows system. Since you added a phone number to your Duo end-user, however, you can successfully receive phone call authentications and SMS passcodes on it. If you want to receive Duo Push requests and be able to generate Duo Mobile passcodes for your Duo end-user account, you will need to activate Duo Mobile for that end-user account. You can see options for accomplishing that here.

Does this help? Please let me know, and thanks for using Duo!

View solution in original post

mkorovesisduo · ‎02-27-2020

Hi Thomas, Duo administrator accounts are different from Duo end-user accounts. This Knowledge Base article lays out the differences.

You will need a Duo administrator account to manage your Duo “deployment” via the Duo Admin Panel (where you created the RDP application) and a Duo end-user account to log in to Duo-protected applications.

It sounds like you were generating a code for access to the Admin Panel and that’s why it did not work for accessing your Windows system. Since you added a phone number to your Duo end-user, however, you can successfully receive phone call authentications and SMS passcodes on it. If you want to receive Duo Push requests and be able to generate Duo Mobile passcodes for your Duo end-user account, you will need to activate Duo Mobile for that end-user account. You can see options for accomplishing that here.

Does this help? Please let me know, and thanks for using Duo!

HTS1 · ‎02-27-2020

Hi,

that’s it!! Yeah
My “phone 1” was already activated (of course, it is my admin-phone) and so I didnt try to re-activate it. This sounds unnecessary to me - but it was very necessary.

Now I have 2 users in my Duo-App.
I can’t test it now but I guess it will work with the 2nd user.

Thank you very much.
Thomas