Troubleshooting 2FA in ADAudit Plus


In this article:

 

  • Issue description

  • Prerequisites

  • Possible causes

  • Resolution

  • Related topics and articles

  • How to reach support

Issue description  

     
    What is the issue? Two-factor authentication (2FA) in ADAudit Plus adds an extra layer of security by requiring a second verification method beyond passwords. Issues can arise when users encounter problems with the 2FA process, leading to:

       
      Authentication failures: Users are unable to log in despite entering the correct credentials and 2FA codes.

       
      Email or SMS delivery delays: Users experience delays in receiving authentication codes via email or SMS.

       
      Authenticator app synchronization problems: Time-based codes from authenticator apps are not being recognized.

       
      2FA configuration errors: There are difficulties in enabling or configuring 2FA for user accounts.

       
      Account lockouts: Users get locked out of their accounts due to multiple failed 2FA attempts.

     
    Where does it occur?

       
      During the login process to the ADAudit Plus console

       
      In the Admin > Authentication Settings > Two-Factor Authentication configuration section

       
      During user profile management when enabling or configuring 2FA

     
    Who does it affect? It affects ADAudit Plus administrators, security personnel, and end users who access the ADAudit Plus console with 2FA enabled.

 

 

Prerequisites

  • Have access to the ADAudit Plus web console.

  • Have an administrator account or a technician account with privileges to view and modify authentication settings.

  • SMTP server or SMS gateway settings are configured and verified under Admin > General Settings > Server Settings.

  • Any authenticator apps (for example: Microsoft Authenticator or Google Authenticator) are synced to the correct time.

  • There is stable network connectivity between the ADAudit Plus server and email or SMS delivery services.

  • Users have access to their registered 2FA method (email, mobile device, or an authenticator app).

  • The mobile device used for 2FA has accurate date and time settings.

Possible causes  

       
      Time synchronization issues: There are discrepancies between the server time and the authenticator app time.

       
      Email or SMS configuration problems: Incorrect SMTP or SMS gateway settings are affecting code delivery.

       
      Incorrect 2FA configuration: There is a misconfiguration in the authentication methods or settings.

       
      Browser compatibility issues: Certain browsers are not properly handling the 2FA authentication flow.

       
      Expired authentication sessions: Authentication sessions are timing out before completing the 2FA process.

       
      Cache and cookie problems: Browser cache or cookie issues are interfering with the authentication process.

Resolution

     
    Verify time synchronization:

       
      Ensure that the server time is correctly synchronized with NTP servers.

       
      Check that the user's authenticator app is properly time-synchronized.

       
      For TOTP issues, verify the time skew settings.

     
    Check email or SMS delivery:

       
      Verify the SMTP server settings under Admin > General Settings > Server Settings.

       
      Test email delivery using the test mail option.

       
      For SMS delivery, confirm that the SMS gateway configuration is correct and the service is operational.

     
    Review 2FA configuration:

       
      Check that the correct authentication methods are enabled under Admin > Logon Settings > Two-Factor Authentication.

       
      Verify that user accounts are properly configured for 2FA.

       
      Ensure that authentication policies are not conflicting.

     
    Browser-related issues:

       
      Clear browser cache and cookies.

       
      Try an alternative supported browser.

       
      Disable browser extensions that might interfere with the authentication process.

Tips

     
    Implement backup authentication methods for users to prevent lockouts.

     
    Regularly verify email and SMS delivery settings to ensure they remain operational.

     
    Train users on proper 2FA procedures and what to do if they encounter issues.

     
    Establish a clear process for handling lost authenticator devices or authentication problems.

     
    Keep ADAudit Plus updated to the latest version for improved 2FA functionality.

     
    Regularly audit 2FA settings and configurations to ensure security policies are maintained.

     
    Consider setting up emergency access procedures for critical situations.

Related topics and articles  

     

How to reach support

If the issue persists, contact our support team here
