I'm trying to figure out a puzzling issue we're experiencing with our patch management setup. We use SCCM and PatchMyPC for updating software, and some apps have moved to Intune. We also rely on Cisco for our VPN and use DUO Desktop for multi-factor authentication and posture checking. Recently, DUO Desktop mysteriously vanished from over half of our endpoints. We know it was installed when we set up the Cisco VPN because it was required for access. We're unsure if the uninstallation was triggered by an update conflict between Intune and SCCM or something from PatchMyPC, but we can't find any helpful information in the logs. Moreover, we couldn't pinpoint when it was removed since the VPN continued to work for everyone. I'd love to hear if anyone else has faced a similar situation, especially with PatchMyPC or this kind of environment!
5 Answers
This definitely sounds like a silent upgrade gone wrong. Cisco often removes the old agent before installing a new one. If the attempt fails, you can be left with nothing. I recommend pulling the MSI logs from the affected systems to match timestamps with your SCCM deployments. You might find a conflict between a PMPC update and a Cisco update causing the issue.
It sounds like you should narrow down your troubleshooting to find commonalities among the affected endpoints. Are they on the same software version for DUO and Cisco? Check Intune policies for discrepancies and consider any technical groupings that might apply. It could also be worth exploring the history of check-ins, patching, or even any hardware similarities that might provide clues.
All these software solutions generate logs that can help you trace what's going wrong. Look into the AppEnforce and WUAHandler logs from ConfigMgr, as well as the PatchMyPC logs for updates. The Windows Event Logs should also indicate when things changed. There’s usually a lot of information available to confirm what happened.
What versions were you using? I’ve seen problems with DUO versions 7.6 and 7.11 that could've caused your issue. It’s worth checking if you were on one of those.
My guess is that Cisco's backend might have tried to automatically update DUO, which causes the old agent to get removed before installing the new version. This can lead to situations where there's no local authority to reinstall. You might want to decide between managing your apps with SCCM or Intune to avoid these types of conflicts in the future.
I had a similar experience where the Cisco auto-update messed up the install. It removes the existing version and needs local admin rights to put the new one back. If anything disrupts that process, you end up with an empty install. I've seen this lead to issues on many machines.