"No such host is known" error message while using Azure VPN with Windows Roaming Client
Users of UWP VPN applications receive a "No such host is known" (or similar) error message when they attempt to initiate a VPN session while the Roaming Client is active. This prevents the user from connecting to the VPN.
The error does not appear if the Roaming Client is stopped or if the desktop edition of the VPN client is used instead.
By design, Microsoft constructed “modern” apps in Windows 8+ to be more sandboxed. One of these limitations applies to VPN applications.
VPN clients built as UWP apps are restricted to resolving names through the network interface that generated the query. Since the Windows Roaming Client listens on 127.0.0.2, which sits on a different interface (the loopback interface), the query never reaches the Roaming Client (or any other DNS forwarder running on 127.0.0.2).
DNSFilter can't update the agent to change this Windows behavior: 127.0.0.2 being set as the local DNS server is a core requirement for the Roaming Client to function. But we can offer solutions to work around the issue!
Issue resolution recommendations
#1 Update to Windows 11
Improvements in how Windows 11 handles UWP applications mean this is not an issue on Windows 11 devices.
#2 Use an NRPT DNS Client rule
An NRPT DNS Client rule can send queries for a given domain to another resolver, bypassing our Roaming Client for just that domain.
The NRPT (Name Resolution Policy Table) is a table of rules that specify DNS settings or special resolution behaviors for particular names or namespaces.
Configure the NRPT using Windows PowerShell or the Group Policy Management Editor under Computer Configuration > Policies > Windows Settings > Name Resolution Policy.
Sample PowerShell script to add an NRPT rule
# This script makes the Windows OS bypass the Roaming Client completely for specific domains;
# for those domains the OS will use the DNS servers listed in $DnsServers.
# Run from an elevated (Administrator) PowerShell session.

# DNS servers - set this to the IP address(es) of the resolver(s) to be used (one string per entry)
$DnsServers = @(
    "Enter resolver ip(s) here"
)

# Parameters passed to the Add-DnsClientNrptRule cmdlet - documentation here:
# https://learn.microsoft.com/en-us/powershell/module/dnsclient/add-dnsclientnrptrule?view=windowsserver2019-ps
# Namespace: a leading dot (e.g. ".example.com") matches the whole suffix; without it only the exact name matches.
$params = @{
    Namespace   = "Enter domain suffix Here"
    NameServers = $DnsServers
    DisplayName = "Enter name of rule here"
}

try {
    Add-DnsClientNrptRule @params -ErrorAction Stop
}
catch {
    "Adding NRPT rule failed with the following message: $_"
}
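A fuller version of the same workaround, written here as an added example rather than DNSFilter's own script: it wraps the rule creation in a function that is safe to re-run (an existing rule for the same namespace is replaced rather than duplicated), then verifies the rule with Get-DnsClientNrptRule and Get-DnsClientNrptPolicy and issues a test query through the Windows DNS client. The namespace ".corp.example.com", the resolver address 10.0.0.53, the hostname vpn.corp.example.com and the rule name are constructed placeholders; substitute the VPN's actual domain suffix and internal resolver.

```powershell
#Requires -RunAsAdministrator
# Added example (not DNSFilter's script): idempotently add an NRPT rule that
# sends one domain suffix to a specific resolver, bypassing the Roaming Client
# (127.0.0.2) for that suffix only, and verify the result.

function Set-VpnNrptBypass {
    [CmdletBinding()]
    param(
        # Leading dot = suffix match for the whole zone (Add-DnsClientNrptRule semantics)
        [Parameter(Mandatory)] [ValidatePattern('^\.')] [string] $Namespace,
        [Parameter(Mandatory)] [string[]] $NameServers,
        [Parameter(Mandatory)] [string] $DisplayName
    )

    # Replace any existing rule for this namespace so re-running the script
    # does not stack duplicate rules with conflicting resolvers.
    $existing = Get-DnsClientNrptRule | Where-Object { $_.Namespace -contains $Namespace }
    foreach ($rule in $existing) {
        Write-Verbose "Removing existing NRPT rule $($rule.Name) for $Namespace"
        Remove-DnsClientNrptRule -Name $rule.Name -Force -ErrorAction Stop
    }

    $params = @{
        Namespace   = $Namespace
        NameServers = $NameServers
        DisplayName = $DisplayName
        Comment     = "Bypass Roaming Client for $Namespace (UWP VPN workaround)"
    }
    Add-DnsClientNrptRule @params -ErrorAction Stop

    # Return the rule as the DNS client now sees it, so the caller can audit it.
    Get-DnsClientNrptRule | Where-Object { $_.Namespace -contains $Namespace }
}

function Test-VpnNrptBypass {
    param(
        [Parameter(Mandatory)] [string] $Namespace,
        [Parameter(Mandatory)] [string] $TestHost
    )

    # Show the effective policy for the namespace (merged local + group policy rules).
    Get-DnsClientNrptPolicy -Effective | Where-Object { $_.Namespace -eq $Namespace } |
        Format-List Namespace, NameServers, DisplayName

    # Query through the Windows DNS client; a name matching the rule is sent to
    # the rule's NameServers instead of the interface resolver (127.0.0.2).
    try {
        Resolve-DnsName -Name $TestHost -Type A -DnsOnly -ErrorAction Stop |
            Select-Object Name, Type, IPAddress
    }
    catch {
        Write-Warning "Lookup of $TestHost still fails after adding the NRPT rule: $_"
    }
}

# --- Usage (constructed placeholder values) ---
$rule = Set-VpnNrptBypass -Namespace ".corp.example.com" `
                          -NameServers @("10.0.0.53") `
                          -DisplayName "VPN bypass - corp.example.com" -Verbose
$rule | Format-List Name, Namespace, NameServers, DisplayName

Test-VpnNrptBypass -Namespace ".corp.example.com" -TestHost "vpn.corp.example.com"
```

Keep the namespace as narrow as the VPN actually needs: every name under the suffix is resolved by the listed servers directly and is no longer filtered or logged by the Roaming Client, so a rule for a broad suffix widens the bypass beyond the VPN endpoint.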
Let us know if you've found other workarounds/solutions in the comments!