Urgent - duo locked me out of a production server

works2020 · ‎02-11-2022

Can’t log into a server with domain or local user account. Disabled the user in Duo portal and still locked out. Uninstalled the software remotely and still can’t log in. Show’s the Duo Proxy is still installed. This is a business-critical server that I no longer have access to.

works2020 · ‎02-11-2022

I was able to resolve this by changing the time which was off by 5 minutes. How would I manage to do this if I didn’t have RMM software already installed? This is a little alarming to think if I would have remained locked out and didn’t have a remote means to access this server, in this case using PowerShell.

Is there another way around this if it were to happen in the future on a server that I don’t have other means of remote access to?

Amy2 · ‎02-14-2022

Hi @works2020, I’m glad you were able to get this resolved so quickly! In the future, when you have an urgent issue like this, it’s best to contact Duo Support for the fastest assistance. They are available 24x7x365 by telephone to paying edition customers experiencing Critical Severity issues. I only monitor the community M-F during business hours, and response times are not guaranteed.

To answer your question though - when you are locked out of a business-critical server to which you have physical access, you can boot into Safe Mode and uninstall or disable Duo Authentication for Windows Logon.

In cases where you don’t have physical access, you still have some options. Please check out the following help article for more details on this error and steps to regain access to the server: “How do I resolve the error ‘Bad request timestamp’ when using Duo Authentication for Windows Logon?”

works2020 · ‎02-15-2022

Thank you Amy. We appreciate you taking the time to include additional solutions.