cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3066
Views
2
Helpful
7
Replies

Using DUO with RD Gateway breaks Redirected Printers

BDennis
Level 1
Level 1

Hello all,

Were using DUO some time now and start implementing it as a MSP for all of our RDS environments. Not long after deployment customers complain that they were unable to use redirected printers. After some research with Microsoft Support this is because the CAP and RAP policies are missing that has been taken over when installing DUO on our RD Gateway servers.

We tried uninstalling, but this breaks the whole RD Gateway completely, I still have to look into this to get things moving to the DUO for RDS (On the session hosts). Were not happy about this as we can no longer use trusted IP’s. And we kinda need those to!

Those are the options, if you want to use redirected printers you can’t use trusted IP’s.

Anyone got around this?

(We could get a “ feature request” but as I read the topic of Duo RD Gateway CAP/RAP Session timeout settings that won’t fix it short term.)

7 Replies 7

DuoKristina
Cisco Employee
Cisco Employee

DUO for RDS (On the session hosts)

we can no longer use trusted IP’s

Do you mean Duo Authentication for Windows Logon and Duo’s
Authorized Networks? That application does support Authorized Networks when not logging onto the session host local console.

Duo, not DUO.

Hello Kristina,

Correct, but in combination with Remote Gateway the ip logged is Always the internal ip of the Remote Gateway.

So for “internal” you could bypass the remote gateway. But as we mostly work with internal cloud, all servers are remote for the user and have to use the remote gateway.

It would be a solution for us is we could still in this case have users bypass 2FA when comming from a known public ip, as they are in the office.

Regards,

Dennis de Groot

BDennis
Level 1
Level 1

So in short we would like to use:

  • External access
  • DUO
  • IP Whitelist (Authorized Networks)
  • Redirected Printers + Drives

If you haven’t already done so, please contact your account executive, MSP partner manager, or Duo Support to capture your use case as a feature request.

Duo, not DUO.

Did you ever find a solution? I use DAG with my RDG and redirected printers work just fine. In your RDG, make sure that “redirected printers” are allowed. If unchecked, of course it disables them. I personally disable clipboard and drives but not printers, for example.

Before you ask why I disable some items, it’s for security reason, e.g., no copying company files to local drives, no uploading of possible infected files, no copying of secured information (yes, I realize they could just do a screenshot), etc.

Hey BabbittJE,

Thanks for the reply! In the end it was more of a incident then a issue. As with other customers it did just work, but we never got it worked on that specific customer. Currently it no longer of a issue as we let the customer go, or they left, or both…

So your right, DUO with RDG and redirected printers should just work, would be of a correct statement here i needed back then!

I’ve run into issues where their local printer isn’t showing up in redirected printer. It had something to do with specific make and model of their printer, and their USB driver. It just wouldn’t show up. Replaced the printer with a different make/model and all was well. That sounds like this was your case if all but one customers were able to get theirs working.

This also happens with specific headphones and webcams. Most are compatible with RDS, some aren’t.

I know no longer relevant to you but others might pop in here looking for a solution so I wanted to throw that out in here.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links