12-28-2021 07:55 AM
We are using Duo to protect Palo Alto’s GlobalProtect VPN application and have the application configured in Duo Admin to use both SSO (SAML, Azure AD) and the new Universal Prompt. Out of about 100 clients, five of them have run into issue with the VPN connection process. When the process works, the user opens GlobalProtect, clicks ‘Connect’, approves the Duo Push notification, and sees a succesful VPN connection. When the process fails, it is failing somewhere between the user clicking ‘Connect’ and Duo sending out the push notificiation. Each user has had a slightly different experience when it fails. Here’s what we have observed:
As a workaround, we have been able to resolve the issue by opening Internet Options, clicking the Advanced tab, and choosing one or more of the following:
Any suggestions for troubleshooting this further and determining what is broken? Can we enabling any kind of debug logging with the Duo Universal Prompt or SSO service? so we can see what Duo is seeing (and not liking) on these few machines?
01-04-2022 02:26 PM
Surely somebody knows why this fails ??
01-06-2022 02:05 PM
Hi @jwckauman, please accept our apology for the delayed response. Most of Duo was out for a company-wide shutdown during the holidays. I’m not sure what the issue could be based on what you’ve shared here. Your best bet is to contact Duo Support for help with this, and you’ll want to capture and share the HAR logs with them.
Unfortunately, most embedded browsers don’t support HAR log captures. You may be able to capture them from the embedded browser, but you would have to do some research on Palo Alto’s embedded browsers and see if they allow it first. I recommend switching to the default OS browser for a specific machine if possible in order to ensure the HAR logs are captured properly.
Please see our help article here for more info on how to capture these HAR logs for troubleshooting Duo Prompt issues. I hope that helps!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: