Connection attempts using the VPN client would fail with an error message.
All users on all 3 campuses were affected by the intermittent VPN issues. New VPN logins could not be established.
The DuoProxy talks to mesa-ldap.gmu.edu which is a VIP on the F5 that talks to the AD domain controllers. An InCommon certificate is used, and the DuoProxy was using an intermediate chain that had expired.
Updated the chain file in/opt/duoauthproxy/conf/incommon-ssl.ca-bundle, also patched and rebooted the proxy servers. This resolved that issue.
Update certificate prior to expiration date.