Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5147
Views
0
Helpful
1
Replies

Active Directory Sync

sarge2
Level 1
Level 1

‎02-26-2018 05:11 PM

I am having a problem with setting up Active Directory with Duo. I have configured the settings as well as installed and configured the Duo Authentication Proxy on the DC. I can see there is some sort of communication as when I disable the service and try to save the config in the web portal I get different error messages.

The main error I get and can’t bypass is - Status: The directory server was unreachable.

The following entries are from the log file on the server -

 2018-02-26T17:23:27+1100 [Uninitialized] AD Connection failed: <twisted.python.failure.Failure twisted.internet.error.TCPTimedOutError: TCP connection timed out: 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond..>
2018-02-26T17:23:27+1100 [Uninitialized] LDAP connection failed
	Traceback (most recent call last):
	Failure: duoauthproxy.lib.ldap.client.ADClientError: AD Connection failed: [Failure instance: Traceback (failure with no frames): <class 'twisted.internet.error.TCPTimedOutError'>: TCP connection timed out: 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond..
	]
	
2018-02-26T17:23:27+1100 [duoauthproxy.lib.ldap.client.ADClientFactory#info] Stopping factory <duoauthproxy.lib.ldap.client.ADClientFactory object at 0x02530470>

Any help here would be greatly appreciated.

Labels:
0 Helpful
1 Reply 1

DuoKristina
Cisco Employee
Cisco Employee

‎02-28-2018 07:35 AM

The log indicates that the Duo proxy wasn’t able to make an LDAP connection to your Active Directory (even though those are both the same server).

There are some configuration items you can verify in this KB article.

If these don’t help, please contact Duo Support. They’ll review your directory configuration and have you enable debug logging on your authentication proxy server to review the output when you try to connect.

Be aware that we don’t usually recommend running the Duo proxy on your domain controller.

Duo, not DUO.
0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents