VPN Client Not Resolving DNS Properly With Windows Insider Builds (19608)+; Any Work Arounds?

Solved
StephenWhiteD3G


For some reason, starting earlier this month or late last month, Microsoft changed something with Windows 10 where it is now not correctly resolving DNS when you are connected with a VPN. Previously, I was able to connect to our Meraki VPN via the Windows 10 client or Rasphone and it would properly resolve the DNS server and I could browse to network resources. Now I have to enter the full domain name for a network resource to use RDP or File Explorer (i.e., to access a computer via RDP I have to enter MyComputer.MyDomain instead of just MyComputer).

I have brought this up on the Feedback Hub and also the MS Tech Community, and unfortunately no one from MS has responded. At least one other person has mentioned they are now having DNS resolution issues with the Insider builds. I know that this is to be expected with the Insider builds, but my main fear is that this is going to leak its way into the 20H1 update and cause a lot of havoc. Has anyone else been having this problem, and have they found any workarounds or changes that need to be made due to "undocumented" changes in Windows with the Insider builds?


PhilipDAth

Has the VPN connection got the domain suffix defined (which specifies what gets appended when you specify only a hostname)?

 

When connected, does the client VPN interface have the lowest interface metric (so that its DNS settings get used over other connections)?

Hi Philip,

No, the VPN connection did not have the domain suffix defined. After I added that, it looks like I can now access resources without having to specify the FQDN. Host names work again. I'll probably need to test to make sure LDAP works correctly too, but I think you may have just done me a huge favor. Thanks.

And yes, the metric was set to the lowest.

Out of curiosity, do you know if it's a best practice to specify the domain suffix anyway with the Meraki client, regardless of whether or not the machine is actually joined to the domain in question? We have been using a PowerShell script to deploy it to other machines (both domain-joined and non-domain-joined, because we have some part-time employees who work for multiple companies and they bring their own devices), and the one we have been using doesn't specify the domain suffix.

If you are connecting to an Active Directory infrastructure I would always specify it.

 

If you are using "Add-VpnConnection", use the "-DNSSuffix" option to specify it.
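The suffix setting and the two checks from this thread (suffix defined, VPN interface has the lowest metric) combined in one deployment script. This is an added example, not code from the thread or from the wizard linked below; the connection name, server address and suffix are placeholders, and the L2TP/pre-shared-key/PAP settings are assumptions about the Meraki client VPN that should be matched to the actual deployment.

```powershell
# Added example: all names and values below are placeholders or assumptions.
param(
    [string]$Name          = 'Example Meraki VPN',   # hypothetical connection name
    [string]$ServerAddress = 'vpn.example.com',      # placeholder MX hostname
    [string]$DnsSuffix     = 'corp.example.com',     # placeholder AD DNS domain
    [Parameter(Mandatory)]
    [string]$L2tpPsk                                 # supplied at run time, not stored in the script
)

$existing = Get-VpnConnection -Name $Name -ErrorAction SilentlyContinue

if (-not $existing) {
    # New profile: set the suffix at creation so short host names resolve.
    Add-VpnConnection -Name $Name -ServerAddress $ServerAddress `
        -TunnelType L2tp -L2tpPsk $L2tpPsk -AuthenticationMethod Pap `
        -EncryptionLevel Optional -DnsSuffix $DnsSuffix -Force
}
elseif ($existing.DnsSuffix -ne $DnsSuffix) {
    # Profile deployed earlier without (or with a different) suffix: fix in place.
    Set-VpnConnection -Name $Name -DnsSuffix $DnsSuffix
}

# Check 1: the suffix stored on the profile.
Get-VpnConnection -Name $Name |
    Select-Object Name, DnsSuffix, ConnectionStatus

# Check 2 (only meaningful while connected): the suffix on the live interface
# and whether the VPN interface has the lowest IPv4 interface metric.
$vpnIf = Get-NetIPInterface -InterfaceAlias $Name -AddressFamily IPv4 `
    -ErrorAction SilentlyContinue
if ($vpnIf) {
    Get-DnsClient -InterfaceAlias $Name |
        Select-Object InterfaceAlias, ConnectionSpecificSuffix

    $lowest = Get-NetIPInterface -AddressFamily IPv4 -ConnectionState Connected |
        Sort-Object InterfaceMetric | Select-Object -First 1
    if ($lowest.InterfaceAlias -ne $Name) {
        Write-Warning ("'{0}' (metric {1}) is preferred over the VPN (metric {2})." -f `
            $lowest.InterfaceAlias, $lowest.InterfaceMetric, $vpnIf.InterfaceMetric)
    }
}
else {
    Write-Host "VPN not connected; interface checks skipped."
}
```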

Thanks for the answer! I appreciate it, and it's awesome to learn something new. I'll share this with the rest of my team and let them know we may need to update our PowerShell script.

If you want to take it next level, check out my client VPN wizard.

https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html 
