After sending a link to a mobile device to activate Duo, the user launches the link that opens the app and allows the bar code to be scanned, the account is created, and they can then use 2FA. Normal characteristics up to this point. The problem is next time they access their device Duo asks them to configure offline mode and clicking “Activate Now” brings them back to this window. The only option is to click the X in the upper right-hand corner where the loop continues no matter what we try.
Hi Amy, am I correct thinking there’s a conflict in Duo with “ElevationOfflineEnable” and “ElevationOfflineEnrollment” both being set to on? To me wondering if setting one or the other to 0 (off) is needed in this situation.
HI @works2020, nope those are the default settings, so this should not be creating a conflict or causing the issue you’ve described here. Furthermore, those settings specifically control whether or not Duo authentication is required for Windows UAC elevation attempts.
You’ll likely need to have Duo Support investigate this further by opening a case with them. From looking at similar support cases we’ve had in the past though, you could try the following:
- Have the user reactivate offline access from the online Duo prompt.
- If this does not work, you can make a registry change. Navigate to HKLM\Software\Duo Security\DuoCredProv and ensure that
EnableOffline REG_DWORDvalue is set to 1.
Thanks Amy, I’ve tried reactivating from the online command prompt and still now luck. I also checked the registry settings.
Appreciate the info, feel better about opening a ticket now and avoiding going down a rabbit hole.
Ok cool, glad I could help! Sorry to hear you’re still experiencing the issue though.
To give you an idea of what to expect with Duo Support if you haven’t opened a case with them before, they will want to see your registry configuration, recent debug log output demonstrating the issue, and other system configurations. There is a PowerShell script that gathers all the necessary files, scrubs them of sensitive information, and creates a zip package ready for you to send to Duo Support. Download the Support Tool and learn more about it here. Please note that you will also have to enable debug logging if you have not done so already.