Push Cisco DUO agent

AhmadKhader · ‎12-15-2025

I am trying to push the Cisco DUO agent for Workstations for Windows login and RDP. I want to do it through PowerShell since I can use it to push to all the devices. I read a document that is possible, but I installed it, but it did not work, and I am locked out since Duo is not working, and it says I need the MFA. I need to configure the proxy during installation to make it work.

If anyone can share the command, and I will use the HOST, SKEY, and IKEY from my side, it will be perfect. If PowerShell is not working, can I use the CMD?

DuoKristina · ‎12-15-2025

It's not clear which Duo application you're talking about. We have multiple applications intended for installation on Windows clients.

Do you mean Duo Authentication for Windows Logon? The CLI install information for that application is here:

https://duo.com/docs/rdp-faq#can-i-silently-install-duo-authentication-for-windows-logon-from-a-command-line-or-powershell

ETA if the HTTP proxy settings weren't specified during the initial install, you can push the registry values needed (HttpProxyHost and HttpProxyPort) to the workstation:

https://duo.com/docs/rdp-faq#is-it-possible-to-use-a-web-proxy-only-for-duo-authentication-for-windows-logon-traffic

Duo, not DUO.

AhmadKhader · ‎12-15-2025

duo-win-login-5.2.0

AhmadKhader · ‎12-15-2025

Also, I tried this one from the powershell, it installs the Duo but it does not work. One of the issues was this error:
the duo authentication server returned an unexpected response

Philip D'Ath · ‎12-15-2025

Do you connect directly out, or via a proxy server?

Have you got anything (like a firewall) doing TLS inspection/decryption?

If you install it manually, does it work?

Can you share the command line you are using for the install (change the keys to xxx)?

AhmadKhader · ‎12-15-2025

- Via proxy server
- I am not sure. But at least the proxy does, maybe.
- Yes, it works manually.
- curl https://dl.duosecurity.com/duo-win-login-latest.exe -o C:\Users\Administrator\Downloads\duo-win-login-latest.exe ; C:\Users\Administrator\Downloads\duo-win-login-latest.exe /S /V" /qn IKEY="xxxx" SKEY="xxxx" HOST="xxxx" AUTOPUSH="#1" FAILOPEN="#0" SMARTCARD="#1" RDPONLY="#0" PROXYHOST="X.X.X.X" PROXYPORT"XX""

If the failopen ="1" the PC will login but without Duo. Just to make sure, after run this command on PowerShell it installs the Duo but it does not work.

Philip D'Ath · ‎12-15-2025

You show:
PROXYPORT"XX""

Is that a copy and paste typo? It should be:
PROXYPORT="XX""

Does your proxy server require authentication? If so, maybe that is blocking it.
If you look at your proxy server log, do you see the requests from Duo being received and allowed?

AhmadKhader · ‎12-15-2025

there is equal in it, I just missed copying it.

It does not need authenticated, since the manual setup works fine. I did not check the proxy server log yet. Do you think it is blocking it?

Philip D'Ath · ‎12-15-2025

I do not know if the proxy server is blocking it - but it seems a logical step to check, as the Duo agent is having trouble talking to Duo.

AhmadKhader · ‎12-15-2025

I am doing a full action plan. So I want to know if someone faced the issue and how they fixed it. Sure, I will check the proxy.

DuoKristina · ‎12-16-2025

You can check what is happening by reviewing the Duo debug log output when you try to log in. That should show you if the Duo Windows Logon client tries to use the HTTP proxy you specified in the first place, and if it does try the proxy, what happens after that. Note that the HTTP proxy you use can't require authentication.

https://help.duo.com/s/article/1083?language=en_US

Duo, not DUO.