Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1297
Views
1
Helpful
9
Replies

RD Web authentication not working

Go to solution
alceryes
Level 1
Level 1

‎09-23-2023 06:13 PM

Server 2019, latest DUO RD Web and RD Gateway install.

For some reason, my RDWeb access prompt has stopped working. I preformed a successful reinstall (just next, next, and completed successfully) but no prompt comes up - it just takes me to my published apps and no authentication attempt/bypass/etc is seen in DUO admin. My DUO gateway prompt (when launching an app) is still working. How do I get the RD Web prompt back up and operational?

TIA!

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
DuoKristina
Cisco Employee
Cisco Employee

‎09-26-2023 03:08 PM

Try enabling debug logging for the Duo for RD Web module and then check the Event Viewer to see if that yields any clues.

Duo, not DUO.

View solution in original post

0 Helpful
9 Replies 9

Go to solution
DuoKristina
Cisco Employee
Cisco Employee

‎09-26-2023 03:08 PM

Try enabling debug logging for the Duo for RD Web module and then check the Event Viewer to see if that yields any clues.

Duo, not DUO.
0 Helpful

Go to solution
alceryes
Level 1
Level 1
In response to DuoKristina

‎10-08-2023 11:16 AM - edited ‎10-08-2023 12:25 PM

Thanks for your reply. It was the older TLS version deprecation that was messing it up. However, I now have a new, possible related, issue.
When logging in to RDWeb I am now getting the Duo page again (where I can either do a push or passcode), but push is NOT coming up on my phone. The Duo admin console sees that I'm trying to push but it never gets to my phone. I can enter the passcode and get in though. The weird part is that the second Duo push from the RD Gateway (when I launch a remoteapp) DOES get through to my phone. I have the two Duo prompts to make sure that even local users have to Duo.
Is this definitely a Duo or my phone issue since the admin console sees the push attempt or could it still be something with IIS since the second Duo push (RD Gateway) works?

EDIT - It's working now. Not sure if it was just my phone being in a funk or the reinstall of the Duo RDWeb app and reboot of server, but it's now working fine. It's prompting properly in my Duo app for both RDWeb and RDGateway access.

 

0 Helpful

Go to solution
DuoKristina
Cisco Employee
Cisco Employee
In response to alceryes

‎10-10-2023 11:25 AM

I'm glad the push issue resolved itself!

Duo, not DUO.
0 Helpful

Go to solution
robnicholsonmalt
Level 1
Level 1
In response to DuoKristina

‎11-26-2023 05:13 AM - edited ‎11-26-2023 05:36 AM

I've turned on debugging and I've captured a couple of events in the Duo area in event viewer. Kind of shows that Duo is monitoring the logon to RDWeb. I'll not post them here yet but one line did catch my eye "Authentication not required".

I've also just created a new domain user and they're not prompted to set-up Duo when logging onto RD Web. I'll add them into Duo now to see if that makes any difference.

 

Later... didn't make any difference. User has account in Duo (test.user) but not prompted during logon to RD Web.

It's been like this for a while. My Duo using customers are small so we've never worried too much as gateway is still protected.

0 Helpful

Go to solution
robnicholsonmalt
Level 1
Level 1

‎11-25-2023 07:21 AM - edited ‎11-26-2023 05:57 AM

>It was the older TLS version deprecation that was messing it up.

Can you please let me know what you did to resolve this? Duo integration with RD Web isn't prompting on any of my client installations but fortunately when they launch the RDP it does work.

I did read all the documentation about TLS depreciation - which to be honest was clear as mud! It never made it clear whether the issue is on the client or the server.

0 Helpful

Go to solution
robnicholsonmalt
Level 1
Level 1

‎11-25-2023 07:59 AM

TLS 1.0 and 1.1 were enabled on the web server so I disabled those on both server and client - and rebooted. Duo still not prompting when I logon to the website. Does Duo only kick in for new accounts?

9KbssBW[1].png

 

0 Helpful

Go to solution
robnicholsonmalt
Level 1
Level 1

‎11-25-2023 08:01 AM

I also pushed the website through the SSL scanner and it passed. Here is the full report as a PDF:

https://maltsystems-my.sharepoint.com/:b:/g/personal/rob_nicholson_maltsystems_co_uk/EWr7lQ9y0V1IvQMWERPTkBABUksrJ9jqDZK1ayOTQk5mPA?e=O51v7R 

0 Helpful

Go to solution
alceryes
Level 1
Level 1
In response to robnicholsonmalt

‎11-27-2023 06:38 AM - edited ‎11-27-2023 06:39 AM

On vaca. Can't dive in at the moment.

It was all regedits - about 4 of them. Dr. G got me the correct ones after about an hour of searching. If I remember correctly, disabling TLS 1.0 and 1.1 and forcing the server to use TLS 1.2. Maybe also forcing IIS to only use TLS 1.2. Just keep track of your regedit changes (backup the key) and test. Also, rebooting the server was mandatory in between changes. IISreset isn't enough..

Go to solution
robnicholsonmalt
Level 1
Level 1
In response to alceryes

‎11-28-2023 07:41 AM

Thanks - will have a look when I get a bit of free time. Enjoy holiday

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents