Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7302
Views
3
Helpful
8
Replies

Duo Authentication Prompt taking long to appear?

Go to solution
Ninja1
Level 1
Level 1

‎11-25-2019 10:15 AM

Duo for RDP

Duo Authentication Prompt takes longer to appear after doing a password reset. Has anyone experienced this? I’m not sure what would cause the 10-15 delay. I sent the logs to support and they can’t figure it out also.

We uninstall Duo, logged in with no issues. Re-installed Duo, logged in and the 10-15 sec delay persists. Any help would be much appreciated.

Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
Eduardo6
Level 1
Level 1

‎01-28-2022 04:07 PM

I had this issue with a couple servers too and it took me a while to figure it out so I want I share what I did to fix it, Duo support said what had worked for other customers was to rejoin the devices to AD but I didn’t want to rejoin them to the domain because they were production…

For our specific scenario, we have AD Connect to sync accounts from AD to Azure AD and I found that at some point these server computer objects were synched with Azure AD through AD Connect so they were hybrid joined, however when looking in the Azure AD portal the devices were not there anymore because at some point they were removed.

I ran dsregcmd /status in the servers and they showed like Hybrid/Azure joined, so they were still thinking they were hybrid though they were not. I then ran dsregcmd /leave which fixed the issue, I didn’t have to rejoin them to AD and no additional action was required after running the command.

The only reason I found the solution was because I saw some weird Kerberos failed attempts with a non existent user account starting with x509n:CN then I found it was probably because of a bad hybrid join.

View solution in original post

8 Replies 8

Go to solution
roc1479
Level 1
Level 1

‎04-22-2020 05:35 PM

I’m also experiencing this behavior running Duo on Windows 10 Pro 1903. By the time Duo screen shows, windows login has timed out and returns back to the login screen.

I am not sure what else may be causing the delay.

0 Helpful

Go to solution
Rob_ALMIS
Level 1
Level 1
In response to roc1479

‎05-16-2021 12:46 AM

Hi,

Did either of you get anywhere with this? We’re starting to experience the same with Server 2019 (OS Build 17763.1911) - it’s not server wide though. Happens consistently on one user profile, but never on another.

So far I’ve got it happening on 3 out of 41 servers.

Regards,

0 Helpful

Go to solution
Amy2
Level 5
Level 5
In response to Rob_ALMIS

‎05-17-2021 07:58 AM

Hi @Rob_ALMIS and everyone, this issue is most commonly caused by domain performance and configuration issues, though that may not be the case for everyone. I recommend contacting Duo Support and opening a support case on this, so we can do some advanced troubleshooting with you. Please be sure to use the debug logging tool as described in this help article.

0 Helpful

Go to solution
Ninja1
Level 1
Level 1
In response to Rob_ALMIS

‎05-17-2021 08:12 AM

We were able to resolve the issue by unjoining/rejoining the workstation/server from the domain. I’m not sure what caused the issue but that seems to work for us.

0 Helpful

Go to solution
Eduardo6
Level 1
Level 1

‎01-28-2022 04:07 PM

I had this issue with a couple servers too and it took me a while to figure it out so I want I share what I did to fix it, Duo support said what had worked for other customers was to rejoin the devices to AD but I didn’t want to rejoin them to the domain because they were production…

For our specific scenario, we have AD Connect to sync accounts from AD to Azure AD and I found that at some point these server computer objects were synched with Azure AD through AD Connect so they were hybrid joined, however when looking in the Azure AD portal the devices were not there anymore because at some point they were removed.

I ran dsregcmd /status in the servers and they showed like Hybrid/Azure joined, so they were still thinking they were hybrid though they were not. I then ran dsregcmd /leave which fixed the issue, I didn’t have to rejoin them to AD and no additional action was required after running the command.

The only reason I found the solution was because I saw some weird Kerberos failed attempts with a non existent user account starting with x509n:CN then I found it was probably because of a bad hybrid join.

Go to solution
Ninja1
Level 1
Level 1
In response to Eduardo6

‎01-31-2022 09:36 AM

That worked, you the man!!

0 Helpful

Go to solution
will.schroeder
Level 1
Level 1

‎08-25-2022 11:20 PM

Firstly @Eduardo thank you for putting me on the right track.

Quick Sum Up (if this isn’t enough info for anyone I can privately send more detail)
I work in a hosted style environment where RDP farms use Primary Refresh Tokens from Azure AD Hybrid joins to provide SSO for multiple tenants (if you do this don’t forget to have TPM). Users not in the AD Sync to the tenant the server is Azure AD Hybrid joined to will have this delay, but users joined will not.

0 Helpful

Go to solution
SeattleJoe
Level 1
Level 1

‎06-08-2023 07:24 AM

This fix worked for me! Got rid of the 20 second delay
Unjoin from Azure AD and join again.
dsregcmd /leave
dsregcmd /join

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents