Attempting to install Cisco Duo Security 2FA MFA in Windows Server using Active Directory Group Policy Objects GPO but didn't succeed on 29 April 2022 Friday

Turritopsis Dohrnii Teo En Ming 26 Reputation points
2022-05-01T10:15:26.303+00:00

Subject: Attempting to install Cisco Duo Security 2FA MFA in Windows Server using Active Directory Group Policy Objects GPO but didn't succeed on 29 April 2022 Friday

Good day from Singapore,

The following are the reference guides which I have followed.

Reference guide 1: Duo Authentication for Windows Logon (RDP) - Active Directory Group Policy
Link: https://duo.com/docs/winlogon-gpo

Reference guide 2: How to link a GPO to an OU?
Link: https://www.manageengine.com/products/active-directory-audit/kb/how-to/how-to-link-a-gpo-to-an-ou.html

Reference guide 3: Windows SDK
Link: https://developer.microsoft.com/en-us/windows/downloads/windows-sdk/

Reference guide 4: Win MSI deploy via GPO fails
Link: https://community.duo.com/t/win-msi-deploy-via-gpo-fails/10692

Reference guide 5: How to create and manage the Central Store for Group Policy Administrative Templates in Windows
Link: https://learn.microsoft.com/en-us/troubleshoot/windows-client/group-policy/create-and-manage-central-store

Reference guide 6: Duo Authentication for Windows Logon and RDP (it's important to enroll users before installation)
Link: https://duo.com/docs/rdp

Reference guide 7: Group Policy Software installation fails - Error 1612
Link: https://community.spiceworks.com/topic/637438-group-policy-software-installation-fails-error-1612

I have created a Group Policy Object GPO to install Cisco Duo Security Group Policy MSI Installer in Windows Server 2012 R2 Datacenter, which is a domain member server, but it failed.

Here are the error messages from Event Viewer in Windows Server:

Windows failed to apply the Software Installation settings. Software installation settings might have its own log file. Please click on the "More information" link.

The install of application Duo Authentication for Windows Logon x64 from policy Deploy Duo Client to Windows server failed. The error was : %%1612

Is it possible that Cisco Duo Security Group Policy MSI installer is incompatible with Windows Server 2012 R2 Datacenter?

Is it possible that Cisco Duo Security Group Policy MSI installer can only be installed on domain member workstations like Windows 8, Windows 10 and Windows 11?

The following guide keeps mentioning domain member workstations for a total of 4 times.

Reference guide: Duo Authentication for Windows Logon (RDP) - Active Directory Group Policy

Link: https://duo.com/docs/winlogon-gpo

I have a 2nd question. If it is not due to incompatibility issue, could the installation error be due to file and folder names on the centralized software deployment share?

Deployment source: \fileserver1\d\Duo4.2.0\DuoWindowsLogon64.msi

Transforms: \fileserver1\d\Duo4.2.0\duo420-64.mst

I am wondering if the file and folder names listed above could present a problem.

I am looking forward to your replies.

Thank you very much.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Singapore
1st May 2022 Sunday

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,125 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Turritopsis Dohrnii Teo En Ming 26 Reputation points
    2022-05-05T14:43:10.427+00:00

    Subject: How to successfully install Cisco Duo Security 2FA MFA in Windows Server using Active Directory Group Policy Objects (GPO)

    Dear all,

    I have finally solved the problem on 4 May 2022 Wednesday morning in Singapore.

    These are what you have to do.

    Refer to the following guide.

    Reference guide: Duo Authentication for Windows Logon (RDP) - Active Directory Group Policy
    Link: https://duo.com/docs/winlogon-gpo

    Create the 1st Group Policy Object (GPO) using the above guide, under the section "Creating the Duo Authentication for Windows Logon GPO".

    DO NOT create the 2nd Group Policy Object (GPO) under the section "Deploying Duo Authentication for Windows Logon to clients using Active Directory". This is because Cisco Duo Group Policy MSI installer (.msi) is incompatible with and cannot install on Windows Servers. The MSI installer only installs on domain member workstations like Windows 8, Windows 10, and Windows 11.

    Since my task is to install Cisco Duo client on Windows Server 2012 R2 Datacenter, I repeat, DO NOT create the 2nd Group Policy Object (GPO).

    Download and install the Cisco Duo client (.exe) and follow the instructions from the following guide.

    Reference guide: Duo Authentication for Windows Logon and RDP
    Link: https://duo.com/docs/rdp

    That's all. You have successfully installed Cisco Duo client on Windows Server 2012 R2 Datacenter, which is a domain member server.

    I have figured out all of these on my own.

    Thank you.

    Regards,

    Mr. Turritopsis Dohrnii Teo En Ming
    Singapore
    5 May 2022 Thursday

    1 person found this answer helpful.
    0 comments