Support Center > Search Results > SecureKnowledge Details
FDE Stuck at "User Acquisition" with Cisco DUO MFA Installed Technical Level
Symptoms
  • FDE Stuck at "User Acquisition" with Cisco DUO MFA Installed.
  • FDE Blade will not start the encryption process.
Cause
The problem that comes into play here is that Windows GINA is no longer used as it was in Windows XP, Windows Vista and Windows 7.

Starting with Windows 10, a new method called Credential Provider(s) is used to control stored and used credentials. Our FDE Blade has supported Credential Provider for quite some time. Refer to sk118817 and sk152915.

With that said, Duo does not claim support for wrapping/chaining their Credential Provider.

See Duo's answer to the question directly below, or refer to the following URL: https://duo.com/docs/rdp-faq

Does Duo Authentication for Windows Logon work with Third-Party Disk Encryption Software or other Credential Providers?
"Duo's Credential Provider cannot be chained with other Credential Providers present on your system. Disk Encryption Software that stores the Windows user name and password provided before boot may no longer use those credentials to automatically log on to Windows."

If wrapping does not work, or is not allowed, the functionality provided by our FDE Credential Provider will be lost (User Acquisition, password sync, etc...).


Solution
This is not a Check Point issue.

Since Duo does not support wrapping Third-Party Credential Providers and being wrapped by Third-Party Credential Providers, it is best for the customer to open a case with Duo to check if support for wrapping/chaining can be added, or get a more detailed answer from Duo as to why their Credential Provider cannot wrap, and or be wrapped.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment