Why is the Rublon Prompt not appearing on Windows?

Modified on Wed, 06 Mar 2024 at 02:18 PM

When you log in to one of the applications integrated with Rublon using Rublon Access Gateway, the Rublon Prompt appears, allowing you to choose one of the available methods of authentication. If you installed one of our connectors, Rublon Prompt also shows up when logging in to Windows Logon and RDP as well as RD Web Access. Still, sometimes the Rublon Prompt does not appear. This article lists the most common reasons why the Rublon Prompt is not appearing on Windows.


RDP Only Selected During Installation

If you do not uncheck the Prompt for MFA only for RDP logins checkbox during installation, only RDP sessions will prompt for MFA, while local system logons will be bypassed.


Uncheck the Prompt for MFA only for RDP logins option to enable MFA for both local system logons as well as RDP sessions.


This behavior can also be controlled post-installation by changing the value of the RublonRDPOnly parameter in Windows Registry:


1. Go to your Windows Registry and locate HKEY_LOCAL_MACHINE\SOFTWARE\Rublon\WindowsLogon.

2. Change the value of RublonRDPOnly to 0.


You Are Offline

If you are offline, the Rublon Prompt will not appear. You will be either bypassed or denied depending on the value of the OfflineBypass option in Windows Registry.


Wrong System Token or Secret Key

Ensure the values of System Token and Secret Key you provided during installation are correct.


Note that the values of System Token and Secret Key you have to provide during installation refer to the application of the type Windows you added in the Rublon Admin Console.


You can change the values of System Token and Secret Key in Windows Registry:


1. Go to your Windows Registry and locate HKEY_LOCAL_MACHINE\SOFTWARE\Rublon\WindowsLogon.

2. Change the values of SystemToken and SecretKey.


Changes will be effective immediately.


External Program Corrupted Installation

Our clients reported that some programs such as Symantec Endpoint Protection and Comodo Cyber Security made their installation silently fail and did not create registry keys. Turning off the program and retrying the installation solved the issue.


If you are facing similar issues with Rublon for Windows Logon & RDP, it is a good idea to temporarily turn off all your antiviruses, firewalls, and other external programs that might potentially disrupt the installation of Rublon for Windows.


Incorrect Firewall Configuration Makes Rublon Bypass MFA

Your firewall might be blocking Rublon for Windows from communicating with the Rublon API, which in turn makes Rublon for Windows bypass MFA (or deny access). While it’s a good idea to temporarily turn off your firewall during installation, you understandably cannot keep it off forever. You can however try turning it off again to test if Rublon MFA works again with the firewall off. If Rublon MFA works when your firewall is off but stops working when your firewall is on, then you have to add Rublon to the allow list in your firewall.


User Bypassed in Rublon Admin Console

Rublon Prompt does not appear for users whose status is set to Bypass in the Rublon Admin Console. Ensure that your User Status is not set to Bypass.


Bypass Policy Assigned to Windows Application

Chances are there’s a policy assigned to your Windows application in the Rublon Admin Console. A custom policy might bypass one or more users in your organization. You have to check if there is a custom policy assigned to your application and whether the policy’s settings might cause your users to be bypassed. Note that you also have to check the Global Policy. Follow the steps below:


1. In Admin Console, go to Applications.

2. In the list of applications, find your application of type Windows Logon & RDP and click its name.

3. In the Policy section, check if there is a custom policy assigned to your application. If not, go to step 7.

4. Check if Remembered Devices is enabled in the custom policy. A user might have checked Remember this device, which causes Rublon MFA to be bypassed.

5. Check if Authorized Networks is enabled in the custom policy. Authorized Networks bypass multi-factor authentication from the IP address ranges set in the text field. If the field is not empty, investigate if the IPs of your users fall within the authorized networks range.

6. Check if the Default Authentication Method policy is on. Default Authentication Method automatically selects Mobile Push (or any other authentication method) as the second factor during Rublon Authentication. When enabled, all other methods get deactivated and the method selection screen on the Rublon Prompt does not appear when authenticating. (It is possible to get back to it by clicking Back, though.)

7. Check steps 4 to 6 for the Global Policy.


Rublon Prompt Still Not Appearing

If you tried all the preceding advice but Rublon Prompt is still not appearing for you, contact Rublon Support.


Helpful Links

Rublon for Windows & RDP - Documentation

Allow List Information for Rublon

How to change User Status in Rublon Admin Console

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons

Feedback sent

We appreciate your effort and will try to fix the article