You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: resources/troubleshooting/README.md
+11-3Lines changed: 11 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -58,10 +58,10 @@ This error usually indicates that the client version is outdated and can't commu
58
58
59
59
## Client: **Could not start MFA process**
60
60
61
-
When setting up MFA/2FA in Defguard, you may encounter the following error when entering the code in the desktop client: **"Could not start MFA process".** 
61
+
When setting up MFA/2FA in Defguard, you may encounter the following error when entering the code in the desktop client: **"Could not start MFA process".**
62
62
63
63
Additionally, client application debug logs may show the following error:\
64
-
&#xNAN;**"Failed to deserialize the JSON body into the target type: code: invalid type: string "005325", expected u32 at line 1 column 268."**
64
+
\&#xNAN;**"Failed to deserialize the JSON body into the target type: code: invalid type: string "005325", expected u32 at line 1 column 268."**
65
65
66
66
This error indicates that one of the following components is outdated:
67
67
@@ -79,7 +79,7 @@ Best would be to setup on the server NTP time synchronization.
79
79
80
80
## I get the following error: There was a network error. Can't reach proxy
81
81
82
-
This error may happen when the client is unable to make a POST/GET request to your proxy web server. Make sure your proxy is accessible by the client, e.g. by making a GET request by hand or visiting your enrollment/proxy page from the same machine you are running the client on. 
82
+
This error may happen when the client is unable to make a POST/GET request to your proxy web server. Make sure your proxy is accessible by the client, e.g. by making a GET request by hand or visiting your enrollment/proxy page from the same machine you are running the client on.
83
83
84
84
In some rarer cases, your web server may not accept TLS versions lower than 1.3. Since the maximum version of TLS supported by the client is 1.2, it won't be able to connect to your web server, producing the mentioned error.
85
85
@@ -178,3 +178,11 @@ The user tries to sign in to a Defguard instance but gets a 401 response with me
178
178
This issue is most likely caused by a misconfigured `DEFGUARD_URL` . Please take a look at the configuration options described in [General configuration](../../configuration.md#general-configuration) documentation.
179
179
180
180
If you want to access your Defguard instance without TLS (using an `http://` URL), please also make sure you have everything configured according to [Auth cookies configuration](../../configuration.md#auth-cookies-configuration) documentation.
181
+
182
+
## User lost access to their 2FA methods
183
+
184
+
If a user lost their TOTP app or security key and is therefore unable to log in it is possible for an admin to disable MFA for their account.
185
+
186
+
In order to do this go to the `Users` page and find the relevant user in the list. Then click on the cog button on the right and select `Disable MFA`. You will be then asked to confirm your choice.
187
+
188
+
It's recommended that after MFA is disabled the user should configure a new MFA method as soon as possible.
0 commit comments