Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5797
Views
0
Helpful
6
Replies

Setup problems with Duo Access Gateway for Windows

Patrik1
Level 1
Level 1

‎05-02-2018 02:04 AM

Hello,

I got some problems with the initial setup of DAG.
The logging is not giving me anything to go on, at least I cant see it.

I have installed a fresh windows server 2016 standard. Followed the DUO guide to install DAG.
No errors or anything, so far so good.

But now when I launch my browser to continue I only get prompted with the error “Bad request received”.

1X_ab6e2626b2b071f693a020361fff4df5b37261b3.PNG

Entry in my dag.log is the following:

May 02 08:27:29 simplesamlphp ERROR [b05873c03c] SimpleSAML_Error_BadRequest: BADREQUEST_HIDE_REASON(’%REASON%’ => ‘The Duo Access Gateway Launcher is not configured. Please create a Duo Access Gateway application in the Duo Admin Panel and configure it in the Launcher settings page of the Access Gateway Admin Console.’)|Backtrace:|0 C:\inetpub\wwwroot\dag\www\launcher.php:18 (N/A)
May 02 08:27:29 simplesamlphp ERROR [b05873c03c] Error report with id 6fdf72b5 generated.

Cant get past this, any help is welcomed!

Edit: Yes I have search the forums but did not find anything related to this.

Thank you!

//Best Regards

Labels:
0 Helpful
6 Replies 6

Dooley
Level 3
Level 3

‎05-02-2018 07:07 AM

Hi Patrik,

Please ensure you’re going to https://yourserver.example.com/dag, not just https://yourserver.example.com to reach the DAG Admin Console.

There is also the following shortcut available in Windows: Start Menu > Duo Access Gateway > Configure

0 Helpful

Patrik1
Level 1
Level 1
In response to Dooley

‎05-02-2018 07:25 AM

Hi Dooley,

Ah yes now you reminded me about one thing that seems a bit confusing, lets see if I can explain this

When I browse for https://yourserver.example.com/ I get the above error page
When I browse for https://yourserver.example.com/dag/ I get a 404

The https://yourserver.example.com/ url redirects me to https://yourserver.example.com/dag/launcher.php

So actually the …/launcher.php gives me the error, and that might not be so strange. But then the questions is, how come I get a 404 on the main page.

//Best Regards

0 Helpful

Dooley
Level 3
Level 3
In response to Patrik1

‎05-02-2018 07:55 AM

Hi Patrik,

I chatted with some members of our Support Team about this, and they suggested the two following possible solutions:

  1. This could be related to your browser’s security settings. Please try accessing from a freshly updated version of Chrome or Firefox to see if it resolves your issue.
  2. If you’re running the DAG on an externally-hosted VM, please reference this knowledge base article: https://help.duo.com/s/article/3069 to resolve your 404 issue.
0 Helpful

Patrik1
Level 1
Level 1

‎05-02-2018 07:54 AM

Ah, It is solved now.

Had my mind set on the first error.

The issue was in our network and that the DAG-server was reporting that is tried to access the webpage from an other ip (or gateway acctually).

Resolved it and now I can access the “set password” page.

Thanks!

0 Helpful

rmaynard1
Level 1
Level 1

‎01-10-2019 04:28 PM

I’ve got the exact same error in dag.log as reported in Patrick’s original post, and subsequent follow-up reporting that https://fqdn/dag gives a 404 despite this being an actual shortcut put in the start menu by the installer.

I have verified that the client IP address as revealed in the IIS logs (which incidentally matches the server’s only IP) is listed in the dag/www/web.config file:

<additionalLocalIps>
   <add IP="x.x.x.x" />
</additionalLocalIps>

Any ideas where I go from here? I’ve searched the web and this forum to no avail.

This is a fresh install on WS2019 Std inside a DMZ as per the requirements. I’ve also backed out the DAG install and re-installed - no joy either.

@Patrick it sounds like in the end you didn’t have the client IP in the additionalLocalIps config block in web.config. Was that or the network change that made the client present as one of the additionalLocalIPs the resolution in the end?

Thanks in advance all!

0 Helpful

rmaynard1
Level 1
Level 1

‎01-15-2019 07:21 AM

After a call with the very helpful @MacD it was determined that proceeding down the Azure AD Conditional Access [1] to be a much simpler way to achieve Office 365 without requiring a DAG. I didn’t know that was even an option from looking at the documentation.

So now there’s no additional server needed, no CA cert, no server licensing and no server or network fault-tolerance considerations either.

The only downside is that needs an Azure AD Premium P1 licensed for a single admin - but at £4.50 / mo that’s easily a better option than running a DAG.

[1] Microsoft Azure Active Directory | Duo Security

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents