Win 7 VPN nslookup resolves - ping does not resolve
There are a lot of hits on the net for this topic, but I can't find any that apply or work. For our XP clients our FortiGate VPN connection works fine. For Windows 7 clients there is a consistent failure for applications to resolve internal host names. nslookup resolves them fine but other apps (ping/IE) do not.

I can do an nslookup of internal.mydomain.com and receive the correct internal IP address. But if I ping internal.mydomain.com (or internal.mydomain.com. ) it fails with 'ping request could not find host internal.mydomain.com. Please check the name and try again.' If I place an entry in the hosts table, name resolution succeeds.

From IPCONFIG /ALL: Node type is hybrid. The PPP driver is registering the correct internal DNS servers. NSLookup reports these servers. The VPN server provides IP addresses on the same subnet as the DNS servers. The DNS servers being used are WS2003. We have also tried setting the DNS to a WS2008R2 server with no luck. Any suggestions?
May 10th, 2011 3:04pm

Hi,

According to the issue, I'm just wondering whether your domain name is internal.mydomain.com.XXX?

By default in Windows 2008, when a machine attempts to resolve an unqualified multi-label name, the DNS client will attempt to resolve the name as specified. The DNS suffix search order will NOT be used. It is disabled by default due to performance concerns. The registry key "AppendToMultiLabelName" = 1 can be added to change the default behavior. You have two ways to change it:

1. Modifying the registry

Please back up the registry before modifying it, using the following steps:

1) Click the Start button, type regedit in the Search box, and then press ENTER.
2) Right-click Computer, click Export, and save a backup file on your desktop.

Notice: If an unexpected issue is encountered after modifying the registry, please double-click the backup file to restore the registry.

After the backup, please follow these steps: Create the DWORD AppendToMultiLabelName under HKLM\Software\Policies\Microsoft\Windows NT\DNSClient (DWORD: 0 = Do not append, 1 = Append). After that, please restart the DNS Client service.

2. Group Policy location (run gpedit.msc)

Computer Configuration -> Administrative Templates -> Network -> DNS Client -> "Allow DNS Suffix Appending to Unqualified Multi-Label Name Queries"

I suggest you try the registry change above on one of your Windows 7 clients and see if this issue still persists. And if anything in my explanation is unclear, please feel free to let me know.
May 15th, 2011 11:21am

Sorry about the delay getting back, but end-of-school-year tasks derailed this investigation. The fix above did not help the issue. My reading on that reg entry suggests it affects the way unqualified names are handled. This particular problem holds true for fully qualified names. My sense is that the DNS client is not querying the DNS server inside the VPN zone. If a name is only in the internal DNS server it will not resolve through the VPN. If it is in the external server the name resolves just fine. I really think the DNS client knows the correct name to look up but just is not consulting the internal DNS. In XP there was a setting for how DNS resolution worked (iirc it let you choose to consult only the internal, or internal for local addresses and external for all others). Is there a similar setting in 7?
July 4th, 2011 9:14pm

This topic is archived. No further replies will be accepted.
