Name Resolution Policy Table (NRPT) only active on device tunnel but not user tunnel

%3CLINGO-SUB%20id%3D%22lingo-sub-2749232%22%20slang%3D%22en-US%22%3EName%20Resolution%20Policy%20Table%20(NRPT)%20only%20active%20on%20device%20tunnel%20but%20not%20user%20tunnel%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2749232%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20there%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20have%20configured%20NRPT%20on%20our%20%22Always%20On%20VPN%20-%20UserTunnel%22%20configuration%20profile%20in%20Intune.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EConfiguring%20it%20on%20the%20device%20tunnel%20is%20not%20supported%20as%20this%20article%20states%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows-server%2Fremote%2Fremote-access%2Fvpn%2Fvpn-device-tunnel-config%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows-server%2Fremote%2Fremote-access%2Fvpn%2Fvpn-device-tunnel-config%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHowever%2C%20when%20I%20am%20connected%20with%20the%20device%20tunnel%20only%20and%20I%20run%20the%20Get-DnsClientNrptPolicy%20Powershell%20cmdlet%20then%20I%20see%20the%20correct%20NRPT%20configuration%20(which%20we%20defined%20on%20the%20user%20tunnel).%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThen%20when%20I%20connect%20the%20user%20tunnel%20VPN%2C%20the%20device%20tunnel%20automatically%20disconnects%20and%20the%20NRPT%20configuration%20disappears%20(the%26nbsp%3BGet-DnsClientNrptPolicy%20cmdlet%20gives%20no%20output%20anymore%20and%20desired%20DNS%20behaviour%20doesn't%20work%20as%20expected%20anymore).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAm%20I%20missing%20something%20here%20or%20is%20this%20situation%20the%20opposite%20of%20what%20it%20is%20supposed%20to%20be%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20already%20for%20the%20help.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Senior Member

Hi there,

 

We have configured NRPT on our "Always On VPN - UserTunnel" configuration profile in Intune. 

 

Configuring it on the device tunnel is not supported as this article states: https://docs.microsoft.com/en-us/windows-server/remote/remote-access/vpn/vpn-device-tunnel-config

 

However, when I am connected with the device tunnel only and I run the Get-DnsClientNrptPolicy Powershell cmdlet then I see the correct NRPT configuration (which we defined on the user tunnel). 

 

Then when I connect the user tunnel VPN, the device tunnel automatically disconnects and the NRPT configuration disappears (the Get-DnsClientNrptPolicy cmdlet gives no output anymore and desired DNS behaviour doesn't work as expected anymore).

 

Am I missing something here or is this situation the opposite of what it is supposed to be? 

 

Thanks already for the help.

0 Replies