hi guys, had an issue that recently just came across and another issue that has been nagging my setup since the beginning but due to time and bandwidth, had to put on backburner. Both appear to be now resolved but just thought I’d share my findings and ask the bigger question about refs/docs and user experiences which seem to be hard to find, even within this community forum.
Is there is any documentation on how to renew the SSL cert with Duo installed in unified mode on Windows 2012 RDS?
I have renewed the RDS side of things successfully, but kept getting errors on starting the remoteapp via the RD Web console.
After much digging around, found that there was a signing cert hash setting in a file called duo,config which i can’t find any references to. updating the hash to match the new cert fixed this.
And I don’t recall having to select a certificate for signing when first installing Duo.
I’ve been getting intermittent problems starting a remoteapp in the browser since day one. Event viewer show:
The user “user1”, on client computer “a.b.c.d”, did not meet resource authorization policy requirements and was therefore not authorized to resource “rds2012.server,com”.
The following error occurred: “5”.
Turns out that my connection out to the web goes through several different proxies and they are dynamically chosen and hence different public IPs. I managed to figure out that there was a client IP validation setting in the duo.config file. This by default sets to True, setting to false gets me around these circumstances.
So got me to wondering where do I find ref docs about all config settings possible with registry keys and duo.config and anything else I haven’t come across my googling?
Are these local settings controlled via the web admin portal. I have the free version so I can’t verify these settings. But the resources on the website doesn’t confirm this.