Meraki

StephenWhiteD3G · ‎Apr 18 2020

For some reason, starting earlier this month or late last month, Microsoft changed something with Windows 10 where it is now not correctly resolving DNS when you are connected with a VPN. Previously, I was able to connect to our Meraki VPN via the Windows 10 client or Rasphone and it would properly resolve the DNS server and I could browse to network resources. Now I have to enter in the full domain name for a network resource to use RDP or use file explorer (I.E. To access a computer via RDP I have to enter in MyComputer.MyDomain instead of just MyComputer).

I have brought this up on the Feedback hub and also the MS Tech Community and unfortunately no one from MS has responded. At least one other person has mentioned they are now having DNS resolution issues with the insider builds. I know that this is to be expected with the insider builders, but my main fear is that this is going to leak its way into the 20h1 update and cause a lot of havoc. Has anyone else been having this problem and have they found any work arounds or changes that need to be made due to "undocumented" changes in Windows with the insider builds?

PhilipDAth · ‎Apr 19 2020

If you are connecting to an Active Directory infrastructure I would always specify it.

If you are using the "Add-VpnConnection" use the "-DNSSuffix" option to specify it.

View solution in original post

PhilipDAth · ‎Apr 19 2020

Has the VPN connection got the domain suffix defined (which specifies what gets appended when you specify only a hostname)?

When connected, does the client VPN interface have the lowest interface metric (so that its DNS settings get used over other connections)?

StephenWhiteD3G · ‎Apr 19 2020

Hi Phillip,

No the VPN connection did not have the domain suffix defined. After I added that, it looks like I can now access resources without having to specify the FQDN. Host names work again. I'll probably need to test to make sure LDAP works correctly too, but I think you may have just done me a huge favor. Thanks.

And yes, the metric was set to the lowest.

Out of curiosity, do you know if it's a best practice to specify the domain suffix anyways with the meraki client regardless as to whether or not the machine is actually joined to the domain in question? We have been using a powershell script to deploy it to other machines (both domain joined and non domain joined because we have some part time employees who work for multiple companies and they bring their own devices) and the one we have been using doesn't specify the domain suffix.

PhilipDAth · ‎Apr 19 2020

If you are connecting to an Active Directory infrastructure I would always specify it.

If you are using the "Add-VpnConnection" use the "-DNSSuffix" option to specify it.

StephenWhiteD3G · ‎Apr 19 2020

Thanks for the answer! I appreciate it, and it's awesome to learn something new. I'll share this with the rest of my team and let them know may we need to update our powershell script.

PhilipDAth · ‎Apr 19 2020

If you want to take it next level, check out my client VPN wizard.

https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html

Meraki

Community

VPN Client Not Resolving DNS Properly With Windows Insider Builds (19608)+; Any Work Arounds?

VPN Client Not Resolving DNS Properly With Windows Insider Builds (19608)+; Any Work Arounds?