Outage category: VPN
Location: All Campuses
Status: Open
Resolved Alert:
Initial Symptoms
Calls were received that people could not access the VPN due to issues with Duo.
Root Cause Analysis
Cause
ITS was changing from Cisco ISE to Aruba ClearPass authentication. There was an issue with how ClearPass handled the Duo process since it requires user interaction.
Resolution
Aruba Tac configured a permanent fix.
Now that the problem is resolved, people connecting to VPN will receive at most 2 DUO push notifications for each login attempt – one immediately and a second one 30 seconds later if the first is not acted on. The total authentication timeout window to complete user/password and DUO 2FA is now 50 seconds.
Prevention
Aruba Tac configured a permanent fix.