11-25-2019 10:15 AM
Duo for RDP
The Duo Authentication Prompt takes longer to appear after doing a password reset. Has anyone experienced this? I’m not sure what would cause the 10-15 sec delay. I sent the logs to support and they can’t figure it out either.
We uninstalled Duo and logged in with no issues. We re-installed Duo, logged in, and the 10-15 sec delay persists. Any help would be much appreciated.
04-22-2020 05:35 PM
I’m also experiencing this behavior running Duo on Windows 10 Pro 1903. By the time the Duo screen shows, the Windows login has timed out and returns to the login screen.
I am not sure what else may be causing the delay.
05-16-2021 12:46 AM
Hi,
Did either of you get anywhere with this? We’re starting to experience the same with Server 2019 (OS Build 17763.1911) - it’s not server wide though. Happens consistently on one user profile, but never on another.
So far I’ve got it happening on 3 out of 41 servers.
Regards,
05-17-2021 07:58 AM
Hi @Rob_ALMIS and everyone, this issue is most commonly caused by domain performance and configuration issues, though that may not be the case for everyone. I recommend contacting Duo Support and opening a support case on this, so we can do some advanced troubleshooting with you. Please be sure to use the debug logging tool as described in this help article.
05-17-2021 08:12 AM
We were able to resolve the issue by unjoining/rejoining the workstation/server from the domain. I’m not sure what caused the issue but that seems to work for us.
01-28-2022 04:07 PM
I had this issue with a couple of servers too, and it took me a while to figure it out, so I want to share what I did to fix it. Duo support said what had worked for other customers was to rejoin the devices to AD, but I didn’t want to rejoin them to the domain because they were production…
For our specific scenario, we have AD Connect to sync accounts from AD to Azure AD, and I found that at some point these server computer objects were synced with Azure AD through AD Connect, so they were hybrid joined. However, when looking in the Azure AD portal, the devices were not there anymore because at some point they were removed.
I ran dsregcmd /status on the servers and they showed as Hybrid/Azure joined, so they still thought they were hybrid though they were not. I then ran dsregcmd /leave, which fixed the issue. I didn’t have to rejoin them to AD, and no additional action was required after running the command.
The only reason I found the solution was that I saw some weird failed Kerberos attempts with a nonexistent user account starting with x509n:CN; then I found it was probably because of a bad hybrid join.
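The check described in the post above, as an added example that is not part of the original post or of any Duo tooling: a PowerShell function that parses dsregcmd /status output and reports whether the host still considers itself hybrid joined, so the DeviceId can be compared against the Azure AD portal. The function name Get-DsregJoinState and the sample output with placeholder GUIDs are constructed for illustration.

```powershell
# Added example: summarize the device-join state reported by dsregcmd /status.
function Get-DsregJoinState {
    param(
        # Lines of dsregcmd /status output; defaults to running the command locally.
        [string[]]$StatusText = (& dsregcmd.exe /status)
    )
    $fields = @{}
    foreach ($line in $StatusText) {
        # Data lines look like "   AzureAdJoined : YES"; banner lines do not match.
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }
    $aadJoined    = $fields['AzureAdJoined'] -eq 'YES'
    $domainJoined = $fields['DomainJoined'] -eq 'YES'
    [pscustomobject]@{
        AzureAdJoined = $aadJoined
        DomainJoined  = $domainJoined
        HybridJoined  = $aadJoined -and $domainJoined
        DeviceId      = $fields['DeviceId']
        TenantId      = $fields['TenantId']
    }
}

# Constructed sample output (placeholder GUIDs) so the example runs offline.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                  DeviceId : 00000000-0000-0000-0000-000000000000
                  TenantId : 11111111-1111-1111-1111-111111111111
'@ -split "`r?`n"

$state = Get-DsregJoinState -StatusText $sample
$state | Format-List

if ($state.HybridJoined) {
    # The host believes it is hybrid joined; the portal is the source of truth.
    Write-Output ("Host reports a hybrid join. Look up DeviceId {0} in the Azure AD portal; " +
        "if it is not listed, the host matches the state described in the post." -f $state.DeviceId)
}
```

On a real server, call Get-DsregJoinState with no arguments to parse the live output instead of the sample.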
01-31-2022 09:36 AM
That worked, you the man!!
08-25-2022 11:20 PM
Firstly @Eduardo thank you for putting me on the right track.
Quick Sum Up (if this isn’t enough info for anyone I can privately send more detail)
I work in a hosted style environment where RDP farms use Primary Refresh Tokens from Azure AD Hybrid joins to provide SSO for multiple tenants (if you do this don’t forget to have TPM). Users not in the AD Sync to the tenant the server is Azure AD Hybrid joined to will have this delay, but users joined will not.
06-08-2023 07:24 AM
This fix worked for me! Got rid of the 20 second delay
Unjoin from Azure AD and join again.
dsregcmd /leave
dsregcmd /join