FDE Stuck at "User Acquisition" with Cisco DUO MFA Installed.
FDE Blade will not start the encryption process.
The problem that comes into play here is that Windows GINA is no longer used as it was in Windows XP, Windows Vista and Windows 7.
Starting with Windows 10, a new method called Credential Provider(s) is used to control stored and used credentials. Our FDE Blade has supported Credential Provider for quite some time. Refer to sk118817 and sk152915.
With that said, Duo does not claim support for wrapping/chaining their Credential Provider.
Does Duo Authentication for Windows Logon work with Third-Party Disk Encryption Software or other Credential Providers?
"Duo's Credential Provider cannot be chained with other Credential Providers present on your system. Disk Encryption Software that stores the Windows user name and password provided before boot may no longer use those credentials to automatically log on to Windows."
If wrapping does not work, or is not allowed, the functionality provided by our FDE Credential Provider will be lost (User Acquisition, password sync, etc...).
This is not a Check Point issue.
Since Duo does not support wrapping Third-Party Credential Providers and being wrapped by Third-Party Credential Providers, it is best for the customer to open a case with Duo to check if support for wrapping/chaining can be added, or get a more detailed answer from Duo as to why their Credential Provider cannot wrap, and or be wrapped.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
Give us Feedback
Thanks for your feedback!
Are you sure you want to rate this stars?