Problem: Duo for RDP Delay
So I recently ran into an issue where when attempting to RDP to a server with Duo Authentication for Windows Logon/RDP, I noticed a significant delay in logon times. I measured it and it ranged between 12-32 seconds. While not a huge ordeal and yes eventually the Duo Auth prompt would come up, it still slowed down my day.
After dealing with this for a few weeks, I eventually decided to dig in…and AWAY WE GO!
Troubleshooting
So…where to start. I’d say definitely start by confirming Duo is the issue. I removed Duo RDP for a temporary test and sure enough the problem went away. i was able to login immediately.
Well I’ll spare you the long story, but see below for where I started.
- Event Viewer Logs
- Application Logs – Nothing
- System Logs – Nothing
- Remote Desktop Session logs did confirm logon times, but nothing of interest.
- Enabled Duo Auth logging via Registry
- HKLM\Software\Duo Security\LoggingEnabled: 0 (I’ll come back to this…not quite sure on that full path)
The duo logs did show an authentication attempt that was being delayed, but by what? My Domain Controller is in the same subnet and online. Then it dawned on me…what other authentication sources could I have. Well what about Azure AD?
Resolution: Unjoin from Azure AD
Sure enough I ran…
dsregcmd /statusAnd low and behold the machine (and yes it was a Server 2019 server) was Azure AD joined…most likely by accident from a previous admin. Any who, 10 seconds later, I removed it via:
dsregcmd /leaveRebooted and sure enough I was back to authenticating RDP sessions in 2-5 seconds versus 30 seconds. Whew the time saved!
Security Services | Duo MFA for RDP Benefits | IT Infrastructure Services