
Problem with Azure VPN Point-to-site


Behaviour:
When connecting to the P2S VPN, the computer reports loss of internet connection (DnsProbe/WebProbe not responding) on the actual local network (home or other).

Browsing internet still works and DNS name resolutions works as well.

The issue can, after a while, resolve itself and then appear again while still connected to the P2S VPN. Disconnecting the P2S VPN resolves the issue immediately.


Occurrence:

The problem is intermittent. Sometimes Windows reports no internet directly after connecting through Azure VPN and sometimes it can take hours.


User impact:

When it says 'no internet', Outlook will not start. Starting Outlook before connecting to the VPN is a workaround (it will still be able to fetch new emails afterwards).


A ticket was opened through the CSP portal with Microsoft, but we are 2 months in from first raising it and we keep getting transferred around different departments, demonstrating the issue repeatedly.

We now turn to the great knowledge around the internet in the hope of getting any helpful info or a solution.


Good talk guys!
Just came back to present what MS support informed me about after 4 months of troubleshooting this issue together.
"Thank you for your detailed information and testing.

I've just been told from the Intune end that this is by-design behavior of a P2S connection on the VPN gateway when using custom DNS, and there is no workaround but to use Azure DNS.

I understand that this can be a little frustrating, but the Intune team has confirmed this, as nothing on your end is wrong or misconfigured."


Now I am trying to find a way to get this hybrid-environment to work for our users. We are using OpenSSL-VPN since that supports Azure AD Authentication and from what I can see we cannot redirect DNS-requests for a particular domain to go to our custom DNS and everything else on the local interface DNS.

Solution

@Pallind 

So... We continued our troubleshooting with Microsoft Support, since we reported the same issue in 2 other environments, and I can happily inform you that after another month of tracing and investigation of the NCSI logs we were presented with the following solution:

Symptom:
While on P2S VPN, client machines report connectivity loss but browsing and DNS still work.

Cause:
According to the NCSI trace, the DNS probe was not using proxy but going Direct instead.

Resolution:
Enabled the 'Specify Global DNS' policy via registry key, which seems to have solved the problem for now.

Registry key modified:
RegPath: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator
RegKey: UseGlobalDns=1
Type: DWORD


We are now running this in three different environments/customers and we have zero reported issues from them when working over Azure VPN.


Case closed!
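The registry change from the accepted answer, scripted as an added example (this is not code from the thread or from Microsoft): it reads the current NCSI policy value, writes UseGlobalDns=1 as a REG_DWORD under the path quoted above, and prints what NCSI currently believes per interface together with each interface's DNS servers, so the state can be compared before and after while the P2S tunnel is up. It assumes an elevated PowerShell session on the client; the function names are my own.

```powershell
# Added example, not from the thread: apply and verify the NCSI "Specify global DNS"
# policy described in the accepted answer. Run in an elevated (administrator) session.
# Path and value name are the ones quoted in the answer; function names are assumptions.
$NcsiPolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator'
$NcsiValueName  = 'UseGlobalDns'

function Get-NcsiGlobalDnsPolicy {
    # Returns 0 or 1 if the policy value exists, $null if it has never been set.
    $props = Get-ItemProperty -Path $NcsiPolicyPath -Name $NcsiValueName -ErrorAction SilentlyContinue
    if ($null -eq $props) { return $null }
    return [int]$props.$NcsiValueName
}

function Set-NcsiGlobalDnsPolicy {
    # Creates the policy key if needed and writes UseGlobalDns as a REG_DWORD (1 = enabled).
    param([ValidateSet(0, 1)][int]$Value = 1)
    if (-not (Test-Path $NcsiPolicyPath)) {
        New-Item -Path $NcsiPolicyPath -Force | Out-Null
    }
    New-ItemProperty -Path $NcsiPolicyPath -Name $NcsiValueName -PropertyType DWord -Value $Value -Force | Out-Null
    return Get-NcsiGlobalDnsPolicy
}

function Show-NcsiState {
    # What NCSI currently reports per interface, and which DNS servers each interface uses.
    # With the P2S tunnel up you should see the VPN adapter alongside the local NIC here.
    Get-NetConnectionProfile |
        Select-Object InterfaceAlias, Name, NetworkCategory, IPv4Connectivity, IPv6Connectivity |
        Format-Table -AutoSize
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses.Count -gt 0 } |
        Select-Object InterfaceAlias, ServerAddresses |
        Format-Table -AutoSize
}

$before = Get-NcsiGlobalDnsPolicy
Write-Host "UseGlobalDns before: $(if ($null -eq $before) { '<not set>' } else { $before })"
Show-NcsiState

$after = Set-NcsiGlobalDnsPolicy -Value 1
Write-Host "UseGlobalDns after:  $after"

# The thread does not say whether a reboot was required; rebooting (or at least
# reconnecting the VPN) is the safe way to confirm the new policy is in effect.
```

The value written here is the same one the Group Policy setting "Specify global DNS" (Computer Configuration > Administrative Templates > Network > Network Connectivity Status Indicator) sets. Per that policy's description, NCSI by default restricts its probe DNS lookups to the interface it is currently probing; enabling the setting lets those lookups happen on any interface, which is why it helps when the tunnel carries a custom DNS server that cannot resolve the probe name. Because the value lives under HKLM\...\Policies, it needs admin rights and is best deployed through GPO or your MDM rather than by hand on each client.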

Nice talk! Good catch!