04-06-2024 06:53 AM
As usual, I'm very confused by the information about Duo for Remote Desktop Services. I've got four clients running the RD Web and RD Gateway combination on Windows Server 2019. They've also received the email that traditional authentication is EOL at the end of the month and to upgrade to Universal authentication.
I've just upgraded RD Web v3 on my test server and after doing this, I can no longer connect using RDP. RD Web is working fine - I've enabled universal prompt there during logon. But launch the RDP and you get the error below. This article is talking about it but I'm afraid the section "How does Duo Authentication for RD Web affect RemoteApp and Desktop Connections?" is very confusing.
Anyone able to explain it in more simple terms? Can Duo not be used anymore for RDS/RDP or is there some other new system called "Duo authentication for RD Gateway"?
FAQ - Two-Factor Authentication for Microsoft Remote Desktop Services | Duo Security
04-08-2024 06:25 AM - edited 04-08-2024 06:25 AM
It's not expected that a regular RDP connection would be interrupted or modified by Duo Authentication for RD Web. The mentions of Duo for RD Web interrupting "RemoteApp and Desktop Connections" are referring specifically to when you try to add the webfeed URL for RD Web to the RemoteApp config on a client. Once you install Duo for RD Web, the webfeed.aspx URL requires interactive browser authentication, which RemoteApp can't do, and therefore apps aren't available that way anymore.
Is the RDP (mstsc.exe) connection that now fails direct to 3389 on the RD Web server, or is it getting tunneled through an RD Gateway server, and if via RDG they also have Duo for RD Gateway installed?
You might want to contact Duo Support so they can advise the various places you can turn on debug logging and sort through the output if you haven't been able to do that yourself (instructions for enabling debug are on the page you linked as well as in the Duo KB at https://help.duo.com).
06-12-2024 02:30 AM - edited 06-12-2024 02:35 AM
>It's not expected that a regular RDP connection would be interrupted or modified by Duo Authentication for RD Web.
Agreed it doesn't seem to make sense but it certainly does. I've only just had time to get back onto this in my RDS lab and the same problem occurs there. Simply installing RD web v3.0.0 breaks RD Gateway - you don't even have to enable universal prompt in the admin console. In my lab, I got a further error message:
>Is the RDP (mstsc.exe) connection that now fails direct to 3389 on the RD Web server, or is it getting tunneled through an RD Gateway server, and if via RDG they also have Duo for RD Gateway installed?
My three clients are all small and therefore this is a single server install.
>You might want to contact Duo Support so they can advise the various places you can turn on debug logging and sort through the output if you haven't been able to do that yourself (instructions for enabling debug are on the page you linked as well as in the Duo KB at https://help.duo.com).
Thanks for the link. Yes, I'll probably have to reach out to support as we're now beyond the cut off date. Surprised it's still running!
One thing I haven't tried is re-installing the Duo RD Gateway - you never know...
06-12-2024 03:09 AM - edited 06-12-2024 03:11 AM
Ohh this is a bit annoying
So I restored the VMware snapshot and started working through the upgrade process again in the lab, taking lots of screenshots. Except this time after the restart I got distracted by another client call and by the time I came back, RD Gateway worked.
Instructions need to suggest restarting maybe...
I'll try upgrading one of my clients this evening. The brewery probably - they don't work evenings.
06-12-2024 07:00 AM
It's not expected that a full server restart would be needed. The installer does restart IIS (and therefore should restart dependent services). If a reboot fixes the issue for you, great, but it's not obvious what the issue might have been if you haven't reviewed any debug-level output.
06-12-2024 07:17 AM
I'll be attempting to upgrade a client system this evening so will see what happens with that. Cheers, Rob.
06-12-2024 03:29 PM
Same problem on the production system. After installing RDWeb v3 and enabling universal prompt in the admin console, I was unable to logon with RD Gateway until I restarted the RDS server. I'd left it for 15 minutes before the reboot just in case something kicked in.
06-14-2024 05:40 AM
Check your Windows event viewer logs. Maybe RDS services hung instead of starting back up when cycled? Did you happen to check the status of the RDS/IIS services on that server before your reboot?
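The check suggested in the post above, as an added PowerShell example that is not part of the original thread and not Duo's own tooling. It assumes a single-server RD Web and RD Gateway host and a two-hour look-back window; adjust both to the deployment.

```powershell
# Added example: service and event-log check for a single-server RD Web + RD Gateway host.
# Run in an elevated PowerShell session on the RDS server, before rebooting.

# Service names: IIS, its activation service, RD Gateway, Remote Desktop Services.
$serviceNames = 'W3SVC', 'WAS', 'TSGateway', 'TermService'

# Assumption: look back two hours, long enough to cover the installer's IIS restart.
$since = (Get-Date).AddHours(-2)

# 1. Current state. Anything not Running, or stuck in StartPending/StopPending, is suspect.
Get-Service -Name $serviceNames -ErrorAction SilentlyContinue |
    Select-Object Name, DisplayName, Status, StartType |
    Format-Table -AutoSize

# 2. Service Control Manager events for start failures, timeouts, hangs and crashes.
$scmFilter = @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7000, 7001, 7009, 7011, 7022, 7023, 7024, 7031, 7034
    StartTime    = $since
}
Get-WinEvent -FilterHashtable $scmFilter -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List

# 3. RD Gateway operational log: errors and warnings only (Level 2 = Error, 3 = Warning).
$rdgFilter = @{
    LogName   = 'Microsoft-Windows-TerminalServices-Gateway/Operational'
    Level     = 2, 3
    StartTime = $since
}
Get-WinEvent -FilterHashtable $rdgFilter -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-List
```

Capturing this output before the reboot preserves the evidence of which service, if any, failed to come back after the installer cycled IIS.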