Phone call back for 2FA not working


#1

I support a couple of offices where we have implemented DUO with LDAP authentication for WatchGuard Firewall and SSLVPN client. Authentication works fine with PUSH notifications and SMS codes for all offices. I have a couple of offices where the phone call back option does not work tho. It works in some offices, but not others. All configs appear to be similar at each location, but on 2 of these offices, the phone call back just doesn’t work. I get the following error in the logs:

2019-03-05T13:11:46-0600 [HTTPPageGetter (TLSMemoryBIOProtocol),client] [Request from 192.168.2.254:41594] Duo authentication returned ‘deny’: ‘Incorrect passcode. Please try again.’
2019-03-05T13:11:46-0600 [HTTPPageGetter (TLSMemoryBIOProtocol),client] [Request from 192.168.2.254:41594] Incorrect passcode. Please try again.

Same user can use PUSH or SMS or the DUO app on the phone and enter the passcode manually, but the phone call back just doesn’t seem to be working. No issues with telephony credits either. I’ve tried multiple users at the effecting office and phone call back does not work for anyone.


#2

Hey Scot,
Could you please provide more info on what is not working? Is the phone call coming through but their response is not being registered? Does the phone call never arrive? I’m wondering if an extension or phone tree (see https://help.duo.com/s/article/3734 for me) is affecting some of these users but not others.

It would be best for you to open a Duo Support case for further investigation if the calls are not coming through at all, as they can work with our telephony providers to conduct in-depth troubleshooting.