Error: Unable to connect or communicate with Duo Security

Issue description     

Users attempting to log in to ADManager Plus may encounter the following error:

Unable to connect or communicate with Duo Security. Please contact your administrator.

This indicates that ADManager Plus is unable to establish a connection with Duo Security for MFA.

Possible causes   

  1. Duo Security is unreachable: The ADManager Plus server cannot connect to Duo Security due to network issues or a service outage.
  2. Misconfigured Duo settings: The Client ID, Client Secret, or API Host Name in ADManager Plus does not match what is configured in the Duo Admin Panel.

  3. Firewall restrictions: Outbound communication to Duo Security, particularly over port 443 (HTTPS), may be blocked.

  4. Invalid or expired credentials: The Duo credentials used by ADManager Plus are outdated, incorrect, or revoked.

  5. Certificate-related issues: Problems with SSL/TLS certificates could be preventing secure communication.

Prerequisites   

  • Administrator access to ADManager Plus.

  • Access to manage Duo Security configuration.

  • Understanding of your network infrastructure and firewall settings.

Resolution 

Step 1: Test network connectivity to Duo Security   

  1. Open Command Prompt on the ADManager Plus server.

  2. Run ping <DuoAPIHostname>.

Note: Replace <DuoAPIHostname> with the actual API hostname from ADManager Plus, e.g., api-xxxxxx.duosecurity.com

  3. If the ping fails, it could indicate DNS or connectivity issues.

  4. For a more accurate test, run Test-NetConnection <DuoAPIHostname> -Port 443 in PowerShell.

  5. If TcpTestSucceeded in the output is not True, there is likely a problem with network communication.

Step 2: Verify Duo Security configuration in ADManager Plus

  1. Log in to ADManager Plus.

  2. Navigate to Delegation > Configuration > Logon settings > Two Factor Authentication > Duo Security.

  3. Ensure that the Client ID, Client Secret, and API Host Name match the values in the Duo Admin Panel.

Note: Double-check for case sensitivity and remove any leading or trailing spaces.

  4. After updating the configuration, attempt to connect again.

Step 3: Verify firewall rules

  1. Ensure outbound traffic to Duo Security over port 443 (HTTPS) is allowed.

  2. If blocked, configure firewall rules to permit communication from the ADManager Plus server to Duo’s servers.

Step 4: Verify Duo Security availability

Visit Duo Security’s status page to check for any ongoing outages or disruptions.
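
The network checks from Steps 1 and 3 can be combined with a check for the certificate-related cause listed above, so that a DNS failure, a blocked port and a failed TLS handshake are reported separately. The script below is an added example, not ManageEngine or Duo code; the function name Test-DuoPath and the hostname api-xxxxxx.duosecurity.com are placeholders, and it assumes it is run in PowerShell on the ADManager Plus server.

```powershell
# Added example: layered check of the path from the ADManager Plus server to Duo.
# $DuoHost is a placeholder; use the API Host Name configured in ADManager Plus.
param([string]$DuoHost = 'api-xxxxxx.duosecurity.com', [int]$Port = 443)

function Test-DuoPath {
    param([string]$HostName, [int]$Port)
    $result = [ordered]@{ Host = $HostName; Dns = $false; Tcp = $false; Tls = $false; Detail = '' }

    # 1. DNS: a failure here is a resolver problem, not a firewall block on 443.
    try {
        $null = [System.Net.Dns]::GetHostAddresses($HostName)
        $result.Dns = $true
    } catch { $result.Detail = "DNS lookup failed: $($_.Exception.GetBaseException().Message)"; return [pscustomobject]$result }

    # 2. TCP: a failure here points to a firewall rule or an outage (causes 1 and 3).
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        if (-not $client.ConnectAsync($HostName, $Port).Wait(5000)) { throw 'timed out after 5 s' }
        $result.Tcp = $true

        # 3. TLS: validated against the Windows trust store. A failure while TCP is open
        #    suggests TLS inspection, a missing root CA or a wrong system clock (cause 5).
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        try {
            # TLS 1.2 is requested explicitly so the result does not depend on the .NET default.
            $ssl.AuthenticateAsClient($HostName, $null, [System.Security.Authentication.SslProtocols]::Tls12, $false)
            $result.Tls = $true
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            $result.Detail = "Protocol=$($ssl.SslProtocol); Issuer=$($cert.Issuer); NotAfter=$($cert.NotAfter)"
        } finally { $ssl.Dispose() }
    } catch {
        $stage = if ($result.Tcp) { 'TLS handshake' } else { "TCP connect to port $Port" }
        $result.Detail = "$stage failed: $($_.Exception.GetBaseException().Message)"
    } finally { $client.Dispose() }

    [pscustomobject]$result
}

Test-DuoPath -HostName $DuoHost -Port $Port | Format-List
```

If Tls is True and the Issuer shown is an internal or proxy CA rather than a public one, traffic to Duo is being intercepted on the way out. The Windows trust store used here may differ from the trust store ADManager Plus itself uses.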

Tips   

  • Keep a secure and up-to-date record of your Duo API credentials (Client ID, Secret, and Hostname).

  • Periodically monitor Duo’s service status and test connectivity.

  • Implement monitoring for outbound connectivity failures on critical ports like 443.

How to reach support  

If the issue persists, contact our support team here
