cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7377
Views
3
Helpful
8
Replies

Duo Authentication Prompt taking long to appear?

Ninja1
Level 1
Level 1

Duo for RDP

Duo Authentication Prompt takes longer to appear after doing a password reset. Has anyone experienced this? I’m not sure what would cause the 10-15 delay. I sent the logs to support and they can’t figure it out also.

We uninstall Duo, logged in with no issues. Re-installed Duo, logged in and the 10-15 sec delay persists. Any help would be much appreciated.

1 Accepted Solution

Accepted Solutions

Eduardo6
Level 1
Level 1

I had this issue with a couple servers too and it took me a while to figure it out so I want I share what I did to fix it, Duo support said what had worked for other customers was to rejoin the devices to AD but I didn’t want to rejoin them to the domain because they were production…

For our specific scenario, we have AD Connect to sync accounts from AD to Azure AD and I found that at some point these server computer objects were synched with Azure AD through AD Connect so they were hybrid joined, however when looking in the Azure AD portal the devices were not there anymore because at some point they were removed.

I ran dsregcmd /status in the servers and they showed like Hybrid/Azure joined, so they were still thinking they were hybrid though they were not. I then ran dsregcmd /leave which fixed the issue, I didn’t have to rejoin them to AD and no additional action was required after running the command.

The only reason I found the solution was because I saw some weird Kerberos failed attempts with a non existent user account starting with x509n:CN then I found it was probably because of a bad hybrid join.

View solution in original post

8 Replies 8

roc1479
Level 1
Level 1

I’m also experiencing this behavior running Duo on Windows 10 Pro 1903. By the time Duo screen shows, windows login has timed out and returns back to the login screen.

I am not sure what else may be causing the delay.

Hi,

Did either of you get anywhere with this? We’re starting to experience the same with Server 2019 (OS Build 17763.1911) - it’s not server wide though. Happens consistently on one user profile, but never on another.

So far I’ve got it happening on 3 out of 41 servers.

Regards,

Hi @Rob_ALMIS and everyone, this issue is most commonly caused by domain performance and configuration issues, though that may not be the case for everyone. I recommend contacting Duo Support and opening a support case on this, so we can do some advanced troubleshooting with you. Please be sure to use the debug logging tool as described in this help article.

We were able to resolve the issue by unjoining/rejoining the workstation/server from the domain. I’m not sure what caused the issue but that seems to work for us.

Eduardo6
Level 1
Level 1

I had this issue with a couple servers too and it took me a while to figure it out so I want I share what I did to fix it, Duo support said what had worked for other customers was to rejoin the devices to AD but I didn’t want to rejoin them to the domain because they were production…

For our specific scenario, we have AD Connect to sync accounts from AD to Azure AD and I found that at some point these server computer objects were synched with Azure AD through AD Connect so they were hybrid joined, however when looking in the Azure AD portal the devices were not there anymore because at some point they were removed.

I ran dsregcmd /status in the servers and they showed like Hybrid/Azure joined, so they were still thinking they were hybrid though they were not. I then ran dsregcmd /leave which fixed the issue, I didn’t have to rejoin them to AD and no additional action was required after running the command.

The only reason I found the solution was because I saw some weird Kerberos failed attempts with a non existent user account starting with x509n:CN then I found it was probably because of a bad hybrid join.

That worked, you the man!!

will.schroeder
Level 1
Level 1

Firstly @Eduardo thank you for putting me on the right track.

Quick Sum Up (if this isn’t enough info for anyone I can privately send more detail)
I work in a hosted style environment where RDP farms use Primary Refresh Tokens from Azure AD Hybrid joins to provide SSO for multiple tenants (if you do this don’t forget to have TPM). Users not in the AD Sync to the tenant the server is Azure AD Hybrid joined to will have this delay, but users joined will not.

SeattleJoe
Level 1
Level 1

This fix worked for me! Got rid of the 20 second delay
Unjoin from Azure AD and join again.
dsregcmd /leave
dsregcmd /join

Quick Links