"Could not start MFA process" after client update on Windows 11 25H2

[ladyofshalott]

Defguard client 1.6.4 works stable, but in versions 1.6.5 and now also in version 1.6.6 a registered instance is not able to establish MFA after the client has been updated or installed.

The error that repeatedly appears is: "Could not start MFA process. Please try again or contact administrator.":

• For a gateway configured with OpenID, this error repeats in a loop.
• For a gateway configured with Defguard-based MFA such as email TOTP, the error is only generated after manually pushing the 'Use your {{MFA method}}' button.

It seems as if the instance rejects the updated client's authenticity or the client can't reach the instance.

This phenomena happens on a Windows 11 (Enterprise) client with version 25H2 / OS build 26200.7840.

Deleting the instance and reinitiating the enrollment process throws an error as well: one-click enrollment opens the Defguard client, but doesn't register the device; manual enrollment generates an error in sending the URL to the proxy server. The error specifically refers to a {{proxyurl}}/api/v1/auth URL.

The following actions failed:

• Rebooting the endpoint.
• Delete the client and doing a new installation.
• Manually deleting C:\ProgramData\Defguard prior to clean installation.

Installing the 1.6.4 client however does restore functionality immediately.