product icon

How to validate if LastPass Universal Proxy v4.x can communicate with your primary authentication server and/or LastPass Authentication Server on Windows?

    Problem

    Second-factor authentication (that is, Both LastPass MFA and system password (SFA) server mode) is not working with my LastPass Universal Proxy configuration. I would like to check if Universal Proxy can communicate with the LDAP/RADIUS server and if Universal Proxy can communicate with the LastPass Authentication Server.


    Figure 1. LastPass Universal Proxy Network Diagram

    For more information on server modes, see Server Modes.

    Remedy:

      When choosing the Either LastPass MFA or system password (PLP) server mode you can authenticate either using a password with the primary authenticator (that is, LDAP/RADIUS server, number 3 in the previous image) or with the LastPass Authenticator app (that is, LastPass Authentication Server, number 4 in the previous image). Therefore, you can check separately whether the authentication works with LDAP/RADIUS server or the LastPass Authentication Server. Change the server mode in the Universal Proxy configuration to PLP:

      1. Open the command prompt and execute the following command: 
        uproxy -configurationTool
      2. When configuring the server setup in the Challenge mode field, choose Either LastPass MFA or system password [PLP].
      3. Complete the configuration.
      4. Once installed and configured, you must restart the Windows service for the LastPass Universal Proxy as follows:

        Open PowerShell and execute the following command:

        uproxy -restart
        Important: You can check the service status in the following ways:
        • In the Services window, the Status must be listed as Running, and the Startup Type should be listed as Automatic. In case the server must reboot, the LastPass Universal Proxy service will automatically start.
        • Open PowerShell and execute the following command: 
          uproxy -status

      Log in to your VPN client:

      1. Check if Universal Proxy can communicate with the LastPass Authentication Server:
        • If you use the LDAP/LDAPS protocol, enter less than 4 characters in the password field, to use the LastPass Authenticator app and receive a push notification.
        • If you use the RADIUS protocol enter an asterisk (*) in the VPN client password field to use the LastPass Authenticator app and receive a push notification.

        Result:

        If you receive a push notification it means Universal Proxy can communicate with the LastPass Authentication Server.

        If you do not receive a push notification it means Universal Proxy cannot communicate with the LastPass Authentication Server.

      2. Check if Universal Proxy can communicate with the LDAP/RADIUS server:
        • Log in to your VPN client with your test user’s credentials.

        Result:

        If the authentication works, and you can log in, it means Universal Proxy can communicate with the LDAP/RADIUS server.

        If the authentication fails and you cannot log in, it means Universal Proxy cannot communicate with the LDAP/RADIUS server.