10-31-2017 09:15 AM
Ever since Windows 10 decided to the upgrade to the latest Fall Update. Whenever I RDP into my computer the Duo Login Prompt does not load, it does not send the push notification. Thus I am unable to login remotely. I have uninstalled and reinstalled with the latest version of Duo with no success.
Any ideas?
11-15-2017 10:34 AM
Ok - I updated registry value to 1, rebooted, reinstalled duo software. And the issue still ocurrs.
If you want to see what it looks like I can share the computer I’m trying to connect to so you can see it first hand via private message?
11-15-2017 02:01 PM
I’m having the same problem but posted that earlier in this thread but I thought of something else. I’m using a Windows live login for logging into my PC instead of a local account. Not sure if this would make a difference for trouble shooting or others are setup this way or not.
11-15-2017 02:16 PM
Good thinking, Alan, I am also using a windows live account or what I think they call Microsoft Accounts more generically, but not a local account anyway.
I also use a PIN for windows Hello, but i turned that off as thought it might be the conflict…
11-15-2017 11:49 PM
Chiming in as i also have the same issue. Disabling printer forwarding does not work, nor does having dontdisplaylastusername set to 1. I’m also using a windows live account for signing in.
Reading about the type of account people in here is using i decided to test a couple of things - here are my findings:
Creating a local user account and using that RDP actually does bring up the duo prompt. I enrolled this user and got push notifications to my phone. Thus, i can log in with the local user. Trying with my regular Windows Live account resulted in the same failure as previously - no duo prompt. In fact, the login attempt does not even show in the duo portal.
As the next step i logged in to the local user i just created but canceled the login. I’m now passed the NLA CredSSP login provider and have an active RDP session with my host. I change accounts from the local user to my Windows Live account and log in with that, which does give me the duo prompt and the push notification. I can now log into the host.
This leads me to believe that it has something to do with NLA and CredSSP so i disable that on my host and create a .rdp file that has:
enablecredsspsupport:i:0
As i don’t have to authenticate before establishing the rdp session i can now just put in my regular Windows Live account credentials and i get the duo prompt and correlating push request to my phone. I am now able to log in again.
I’m pretty sure it has to do with NLA and the CredSSP provider but i can’t do more tests right now. I’ll get back to it later but I hope this helps you guys in troubleshooting and finding the issue.
11-16-2017 06:11 AM
I am also using a Microsoft account for authentication. @Dooley Have you tried adding a Microsoft account to your test machines?
11-20-2017 08:44 AM
After replicating the issue internally with Windows Live Accounts, we have a workaround by whitelisting a specific Microsoft credential provider, allowing RDP and DUO to work together as expected.
Use the Registry Editor (regedit.exe) with administrator privileges to create (or update) the following registry values in
HKEY_LOCAL_MACHINE\SOFTWARE\Duo Security\DuoCredProv
Registry Value: ProvidersWhitelist
Type: REG_MULTI_SZ
Populate the multi string value data with the following GUID: {1ee7337f-85ac-45e2-a23c-37c753209769}
11-20-2017 09:20 AM
Patrick. Good deal. That fix works…partially. For me after i reinstalled Duo, updated the registry and rebooted I was able to authenticate with DUO 2FA working. However, after breaking the connection to the RDP session and trying again - it failed in the same way as before. If i force a restart and login over DUO RDP 2FA the first time it continues to work but just not to connect to an existing session.
11-22-2017 03:27 AM
Same problem here unfortunately, the regfix does not solve it for me.
11-22-2017 10:59 AM
I have the same issue after updating to Windows 10 Fall Creator’s Update. Rebooting the machine would allow me to login but then any succeeding re-connection to the RDP session would fail even though I’m getting the prompt to approve and has been providing my approval. The screen would just get stuck on the lock screen. Funny thing is icons to disconnect, restart, etc. are available and working. My last recourse if the solution from DUO or MS will take time is to restore from backup prior to fall creators update.
11-25-2017 08:08 AM
I am having the same issue. I am coming in from the Microsoft RDP client in android and a client on Windows 7. The local admin account works, but the live linked account does not. I tried using the local representation of the live account but that had the same result. Next I added the providerswhitelist into regedit, installed 3.1.1 and rebooted. That did not help. All resource forwarding is cancelled.
Has anyone had success with a workaround? Looks like disabling CredSSP is the leading contender.
11-27-2017 07:07 AM
@PatrickKnight Unfortunately this has not worked for me. I have the same problem as @Duo_RDP_User
11-28-2017 01:53 AM
I can confirm. After Win10 Fall Update 2FA with DUO does not work. RDP hangs on login screen and waits. When DUO is uninstalled RDP works as expected.
11-28-2017 02:08 PM
Quick update we are still working on a fix for this issue.
As a workaround without uninstalling you can set the GUID to F8A0B131-5F68-486C-8040-7E8FC3C85BB6
and removing the one posted above. This does not require a reboot.
The expected behavior after setting this will allow Duo to remain installed, protecting non-Microsoft Accounts and allows RDP of Microsoft accounts with no second factor.
11-29-2017 06:21 AM
Thanks for the update. In lieu of disabling 2FA for microsoft accounts, I have begun rebooting my machine whenever I go to log out of my microsoft account. This works for me as I don’t keep any programs up when I log out.
This workaround has worked for me thus far. If I forget to reboot I can log in with a local account and reboot from there.
11-30-2017 01:23 PM
HI all, thanks for all of your help with reporting this issue and trying out the various workaround solutions we’ve posted here. Our Engineering Team now has a very good understanding of the issue, but unfortunately a full solution is going to require additional development and collaboration with Microsoft.
We have confirmed that the Fall Creators Update (Version 1709) of Windows 10 breaks Duo for Windows Logon’s support for Microsoft Accounts (previously known as Windows Live ID). This is due to new behavior by the Microsoft Account credential provider which requires it to be loaded for accounts to appear.
As @patrickknight posted earlier, a workaround is available that allows Duo to remain installed and protect non-Microsoft Accounts while allowing access to Microsoft Accounts with no second factor.
To do this, use the Registry Editor (regedit.exe) with administrator privileges to create (or update) the following registry values in HKEY_LOCAL_MACHINE\SOFTWARE\Duo Security\DuoCredProv
ProvidersWhitelist
REG_MULTI_SZ
F8A0B131-5F68-486C-8040-7E8FC3C85BB6
No reboot is required.
We will continue to update this thread as more information becomes available. Thanks again for your help and patience with this issue.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide