Outage category: VPN
Location: All Campuses
Status: Open
Resolved Alert:
Initial Symptoms
Connection attempts using the VPN client would fail with an error message.
Root Cause Analysis
Cause
The DuoProxy talks to mesa-ldap.gmu.edu which is a VIP on the F5 that talks to the AD domain controllers. An InCommon certificate is used, and the DuoProxy was using an intermediate chain that had expired.
Resolution
Updated the chain file in/opt/duoauthproxy/conf/incommon-ssl.ca-bundle, also patched and rebooted the proxy servers. This resolved that issue.
Prevention
Update certificate prior to expiration date.