Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4517
Views
0
Helpful
3
Replies

RD Gateway RAP/CAP

Mike_Womack
Level 1
Level 1

‎04-05-2020 09:30 PM

I read this in the documentation " Installing Duo’s RD Gateway plugin disables Remote Desktop Connection Authorization Policies (RD CAP) and Resource Authorization Policies (RD RAP). The CAPs and RAPs become inaccessible from the Remote Desktop Gateway Manager and previously configured policy settings are ignored by Remote Desktop Gateway. If operational requirements mandate continued use of RD CAPs/RAPs, you may want to consider installing Duo for Windows Logon at your RDS Session Hosts instead.

But I could not find anything on what the RD Gateway will use instead of RAP/CAP? I followed the instructions to install the RD Gateway software and now all users that we test with get an error stating they do not have access. I am sure I missed something simple but I am unable to tell what.

0 Helpful
3 Replies 3

BabbittJE
Level 1
Level 1

‎04-07-2020 11:47 AM

Are they getting “no access” because they didn’t click Approve in Duo on their phone?

There’s no CAPs/RAPs with Duo for RD Gateway. Its access control is located within the Duo Security Admin panel.

I’m assuming you did the entire setup, similar to this (see circled items):

2X_5_5fdb6a7e29ac879b9a444dbf8536d3657ea86f77.png

Good luck!

0 Helpful

Mike_Womack
Level 1
Level 1
In response to BabbittJE

‎04-08-2020 03:54 PM

Thank you for the reply. No the user is never prompted to approve the login, they simply receive a message that they are not authorized.

I did set the application policy but there are only 4 users to manage so none of them are restricted. It’s a pretty basic setup. If I install duo for windows client it prompts them at the desktop but I wanted to place the security at the RD Gateway. Unfortunately when I do it doesn’t prompt, it just denies the login.

0 Helpful

BabbittJE
Level 1
Level 1
In response to Mike_Womack

‎04-08-2020 04:17 PM

When you installed Duo on your Remote Desktop Gateway server, did you use the info from Duo Protected Applications, such as the Integration Key, Secret Key and API Hostname for Duo RD Gateway? Is your RDG server joined to the domain? And, I’m assuming the 4 users have Duo Mobile installed on their smartphones, and that they’re all enrolled properly? Do they show up anywhere in the Duo Admin panel, specifically any attempts, like success or failed, in the authentication report?

I’m sure you read the documentation but, if not, it’s here: Two-Factor Authentication for Microsoft RD Gateway on Windows 2012 and Later | Duo Security

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents