VPN Client DNS Problem

Hi,

Normally, when we establish a VPN connection, we will receive the DNS setting from the VPN server.

Windows client will prefer the VPN connection's DNS setting by default.

>>I verified this by making sure that the VPN Connection GUID is on top of the list of the HKLM/System/CurrentControlSet/services/tcpip/Linkage Bind REG_MULTI_SZ value

If your binding order is correct, it should work for you.

As a workaround, we may try to configure NRPT on the client to force your client to resolve the company's domain with the internal DNS server.

https://technet.microsoft.com/en-us/library/ee649235%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

Note: This article applies to DirectAccess; in your case, please start with step 4 by using local group policy.

Best Regards.

August 12th, 2015 4:22am

Hi,

I can successfully connect to an IKEv2 VPN server from a Win 8.1 client using the integrated VPN connection wizard/form.

I am also able to ping PCs in my company network, e.g. the company DNS server.

My problem is that the default DNS server is the one from my internal network at home (my local Ethernet connection). That DNS server, of course, cannot resolve company FQDNs.

I checked the binding order and verified that the VPN connection is on top. I verified this by making sure that the VPN Connection GUID is on top of the list of the HKLM/System/CurrentControlSet/services/tcpip/Linkage Bind REG_MULTI_SZ value.

When I open a CLI and type: "nslookup [FQDN of a company server]" it tries to resolve it by contacting my router at home and fails.

When I type "nslookup [FQDN of company server] [IpOfCompanyDNSServer]" it uses the company DNS server and resolves the DNS name.

As you can see the company DNS server is not the default DNS server. Is there any way to change this?

Thanks

KR

Chris

August 12th, 2015 9:15am

Hi,

I created an NRPT and specified the DNS server and ran a gpupdate but it made no difference.

On other WKS the DNS server order is correct, so it must be a problem on this particular pc. Since it's my personal one I'd like to avoid a reinstall of the OS which would be recommended in case it was a company owned device...:)

Cheers

Chris

August 13th, 2015 10:05am

Hi,

Sorry, I didn't explain it clearly. I assume you have added the DNS entry in the DNS Settings for Direct Access. It won't work because you haven't deployed DirectAccess. We need to create the DNS entry in DNS Generic. Here is the screenshot of my lab:

We can verify the setting by using the command below:

  • Netsh namespace show effectivepolicy

It works for me in my lab:

Best Regards.

August 13th, 2015 11:08pm

Hi,

Thanks. I did exactly what you proposed. :(

Netsh shows that it added the generic DNS server. The 2nd entry is disabled and says something like VPN trigger. But nslookup still uses the DNS server of my home router.

KR

Chris

August 14th, 2015 4:59am

Hi Steven,

Now it's working. You pointed me in the right direction. Although the NRPT was set to a generic DNS server, it is only being applied to a specific DNS suffix. I noticed that the DNS suffix for the VPN connection was not added. (check Get-DnsClient)

I therefore added the connection-specific DNS suffix to the VPN connection. Now it resolves FQDNs correctly. Since it works on other workstations without additional config, I assume something is wrong with this PC. I was not able to open the properties of the IPv4 protocol of the VPN connection.

Thanks for your help, much appreciated.

KR

Chris


August 14th, 2015 5:21am

  • Edited by Luxus Chris Friday, August 14, 2015 9:21 AM typos
August 14th, 2015 9:20am
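
Added example, not part of any post in this thread: a PowerShell check for the two settings the thread ends on, the effective NRPT rule and the connection-specific DNS suffix on the VPN interface. The connection name, suffix, DNS server address and test host are assumed placeholders; the test uses Resolve-DnsName because nslookup has its own resolver and does not consult the NRPT.

```powershell
# Added example. All names and addresses below are placeholders (assumptions),
# and the VPN is assumed to be a per-user connection that is currently connected.
function Test-VpnDnsConfig {
    param(
        [string]$VpnName  = 'Company VPN',            # VPN connection name (assumed)
        [string]$Suffix   = 'corp.example',           # internal DNS suffix (assumed)
        [string]$CorpDns  = '10.0.0.10',              # internal DNS server (assumed)
        [string]$TestHost = 'server01.corp.example',  # internal host to resolve (assumed)
        [switch]$Fix                                  # apply both fixes; needs an elevated shell
    )

    # While connected, the built-in VPN client exposes an interface named after the connection.
    $client  = Get-DnsClient -InterfaceAlias $VpnName -ErrorAction Stop
    $servers = (Get-DnsClientServerAddress -InterfaceAlias $VpnName -AddressFamily IPv4).ServerAddresses

    # Effective NRPT rules. A leading dot means "this suffix and every name under it".
    $rule = Get-DnsClientNrptPolicy -Effective |
        Where-Object { $_.Namespace -contains ".$Suffix" }

    if ($Fix) {
        if (-not $rule) {
            # Local NRPT rule: send queries for the internal namespace to the company DNS server.
            Add-DnsClientNrptRule -Namespace ".$Suffix" -NameServers $CorpDns
        }
        if ($client.ConnectionSpecificSuffix -ne $Suffix) {
            # Stored in the VPN profile; applied the next time the VPN connects.
            Set-VpnConnection -Name $VpnName -DnsSuffix $Suffix
        }
    }

    # Resolve-DnsName goes through the Windows DNS client, so NRPT and suffixes apply.
    # -DnsOnly rules out an answer that came from LLMNR or NetBIOS instead of DNS.
    $answer = Resolve-DnsName -Name $TestHost -Type A -DnsOnly -ErrorAction SilentlyContinue

    [pscustomobject]@{
        VpnDnsServers   = $servers -join ', '
        VpnSuffix       = $client.ConnectionSpecificSuffix
        SuffixMatches   = $client.ConnectionSpecificSuffix -eq $Suffix
        NrptNameServers = $rule.NameServers -join ', '
        Resolved        = ($answer | Where-Object Type -eq 'A').IPAddress -join ', '
    }
}

Test-VpnDnsConfig
```

An empty `Resolved` field together with `SuffixMatches = False` is the state described in the last post; in that state internal names are also being sent to the home router's DNS server.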
