How do I resolve the error "Bad request timestamp" when using Duo Authentication for Windows Logon? - Cepheus Solutions Inc.

Knowledge Base Help Center

Categories

How do I resolve the error “Bad request timestamp” when using Duo Authentication for Windows Logon?

You are here:
← All Topics
ISSUE
A “Windows Security: Bad request timestamp” or “40105 Bad request timestamp” error occurs when logging into Duo Authentication for Windows Logon.
RESOLUTION

Please ensure that the system time where Duo is installed is properly synced with NTP time and the time zone is set correctly.

If the server that is prompting this error message is a virtual machine (VM), please ensure that the VM server’s (the host machine) time is also synced with the correct time.

If you don’t have access to the server in order to confirm the system time, please try the following:

  • Log in to the Duo Admin Panel and see if you can find the failed authentication attempt in the Authentication Logs.
    • If you do see it, this indicates your Windows Server has connectivity to Duo’s cloud service. If this is the case, put the user in bypass status and try logging in again.
    • If the authentication attempt is not appearing in the Authentication Logs, it is possible your Windows Server does not have connectivity to Duo’s cloud service.
      • You could modify the registry configuration with safe mode, remote registry or alternatively push an update to that Windows Server via GPO to tell it to FailOpen and ensure the system is not able to reach the Duo cloud to regain access.
      • Please note that if the system time is wrong, the FailOpen setting will not work if the Windows machine is still able to reach out to Duo Cloud. You will need to ensure the machine is not able to reach the Duo Cloud for the FailOpen setting to work.
  • If you have physical access to the Windows Server, try booting into safe mode and uninstalling Duo Authentication for Windows Logon.
  • Ensure that your NTP server is serving UTC (Coordinated Univeral Time). NTP servers, by design, are generally configured to serve only UTC time. All timezone and offsets, such as BST, are meant to be adjusted by the clients and not by the NTP server.
    • Ensure you sync the endpoint system time with the NTP server after making changes.



CAUSE
This is typically caused by your system’s time being out of sync. Duo uses the timestamp as sent in the request by the system where Duo Authentication for Windows is installed to ensure the integrity of the authentication process.
ADDITIONAL INFORMATION

After you have regained access to the server, you can prevent future time sync issues by ensuring your time is configured properly. The maximum accepted time offset between your servers and Duo is 60 seconds.

Please see the following Microsoft documentation pages for more information:

The Duo client for Windows Logon and RDP gets the time for the timestamp as UTC from Windows via the GetSystemTime API. If Microsoft has not updated its timezone definitions, the calculation of UTC may not be correct. Ensure you regularly run Windows updates to get the latest timezone definitions.

For more information or help troubleshooting, see our Duo Authentication for Windows Logon and RDP troubleshooting documentation or more related Windows Logon Knowledge Base articles.

Related articles pertaining to Windows Logon Offline Access:

Table of Contents
https://cepheussolutions.com/wp-content/uploads/2019/08/cs-logo-full-320x60.png
https://cepheussolutions.com/wp-content/uploads/2019/10/cs-logo-footer.png
Subscribe

If you wish to receive our latest news in your email box, just subscribe to our newsletter. We won’t spam you, we promise!

Loading
Cepheus Solutions

Creating, consulting, managing, and maintaining.
We have the services available to help your company succeed.
We are the last technology company you will ever need.

Subscribe

If you wish to receive our latest news in your email box, just subscribe to our newsletter. We won’t spam you, we promise!

Loading
Cepheus Solutions

Creating, consulting, managing, and maintaining.
We have the services available to help your company succeed.
We are the last technology company you will ever need.

Copyright by CEPHEUS SOLUTIONS. All rights reserved.