Thanks for your reply @CptnCrnch . I feared this may be the answer and suspect that the only way to get VPN clients registered in DNS on the Win server may be to change to forwarding DHCP requests for VPN clients to the Win svr DHCP server. Was hoping to avoid this for other config reasons.

---

@S_Ruffell_SBS wrote:

Thanks for your reply @CptnCrnch . I feared this may be the answer and suspect that the only way to get VPN clients registered in DNS on the Win server may be to change to forwarding DHCP requests for VPN clients to the Win svr DHCP server. Was hoping to avoid this for other config reasons.

---

I don't believe you can change what acts as the DHCP server for VPN clients. 

 

See: ASA where AnyConnect has an ip pool that's defined on the device itself.

Thanks Nash. I had seen the documentation on how to set DHCP relay but perhaps this only relates to VLANs that the appliance is aware of that are other than the VLAN that VPN clients establish themselves on
https://documentation.meraki.com/MX/DHCP/Configuring_DHCP_Relay

Thanks for reply @SJones .   

 

Yes, they are W10 domain joined machines. 

 

Yesterday I checked DNS scavenging enabled but it doesn't scavenge old records as it should (another whole new story - I believe a legacy non-existent DNS server is set as authority currently shown in dnscmd /zoneinfo ) - Joys of recently (just before lockdown) inheriting an organically changed and evolved infrastructure! Bit of tidying up to be done!

 

Thanks for the tip about adding 'register connection ...'  hadn't seen that before. Is showing currently as unchecked so need to think about how best to possibly deploy that setting to remote clients (pretty much all our user-base!), whilst being slightly limited by the original problem and its effect on being able to remote manage/deploy via hostnames that are out of date on DNS.  Will do some testing on that.

you can also set this in the pbk file: rasphone.pbk by setting the IPDNSFlags parameter to "3"
or by powershell:
$RASPhoneBook = "C:\ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk"
(Get-Content $RASPhoneBook) -Replace 'IpDnsFlags=0', 'IpDnsFlags=3' | Set-Content $RASPhoneBook

Thanks @ShenSimps for reply. Assume that is for alluserconnection which I think in our environment it almost certainly will be. Will do some testing on deployment, just hoping that my original quandary wont prevent me from remote execution of powershell command

I had to configure our script for this run the commands by remote PS: 

 

Invoke-Command -ComputerName $Computer -ScriptBlock {"Commands here"}

Thanks again for the tip. My only hurdle now is to get around the problem on not being able to address the hostname in $computer since that will resolve to the old/stale DNS record/IP of when it was last on the LAN. Not sure if it supports IP but will soon know.

I'm fairly certain IP address will work.  If not, you could always create a hosts file on the machine you're using to run the command.  If you have a ton to do, just download the VPN client list as CSV and do a quick edit of that to generate a temporary hosts file.

I am liking that idea @SJones . Thanks. a genius little workaround. then just reinstate empty(ish) hosts file after. Nice

With step 2, is there anyway to automate making that change across multiple laptops?  A powershell or cmd script?

Thanks for the reply @PhilipDAth . Whilst I certainly agree there isn't normally anything required for this to happen when clients obtain their IP via the LAN DHCP server (eg when connected to LAN or WLAN), I have found in my environment that when clients are connected to the Meraki VPN, and are assigned their IP from the internal DHCP to the Meraki, the on-prem DNS is completely unaware of these clients (even if they conduct DNS lookups via that server on the LAN), unless steps like those highlighted by @SJones and @ShenSimps above (ie force DNS registration  with a config change to TCPIP protocol on VPN adapter).   In the scenario you describe or have, does the Cisco/Meraki server DHCP ?