DNS Issues with AnyConnect 2.4 on Windows 7 64-bit?

Unanswered Question
Dec 19th, 2009
User Badges:
  • Bronze, 100 points or more


My corporate laptop, Windows 7 64-bit, is connected to the head office using AnyConnect 2.4.0202 to a Cisco ASA 8.0(4).

Once connected I've been unable to query all non-A-type records. And because Active Directory heavily relies on SRV records for kerberos and ldap you propably understand I have big issues. Example: Outlook won't connect, filesharing won't trust integrated my security token and policies from AD are not applied.

I did some wireshark capturing and found out that, most likely, the anyconnect software is responding to DNS requests with "No such name" responses to my queries. Only A records seem to succeed. Whatever corporate DNS server I try to use when resolving, they all (even including non-existing servers!!) respond with "No such name", within 0,0001 seconds on a link with 10ms latency. This makes me think there is a problem with AnyConnect.

I have several colleagues with using Windows 7 32-bit with no problem.

Does any of the above sound familiar and is there a known solution to this?


Erik Tamminga

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
davidvanzummere... Mon, 12/28/2009 - 16:25
User Badges:

I am having the exact same issue.  Does this go away if you turn off split tunneling?

etamminga Tue, 12/29/2009 - 10:37
User Badges:
  • Bronze, 100 points or more

I have not been able to test this. Have you? The firewall is not under my control

davidvanzummere... Tue, 12/29/2009 - 15:24
User Badges:

Removing split tunneling did not help.  I reverted to version 2.3.2016 for the Anyconnect client and it works perfect.  Must be a bug in 2.4

Michael Dougherty Fri, 04/09/2010 - 11:31
User Badges:

Did anyone ever find the solution to this issue.  I am having a similar problem but with secondary DNS name inside the organization.


I am having a similar problem but only on my company Cisco wireless network.   Everything works fine on wired connections, my wireless at home and my sprint air card.

I am using an ASA 5510.  I have split tunneling and split DNS set up.  The VPN works perfectly on the Cisco wireless with Windows XP and Windows 7 32-bit.  I can access both internal and external sites by name.

On Windows 7 64-bit I can only access internal sites by name.  I can resolve names in my default VPN domain but not in other domains.

When on the VPN It looks like the DNS request is getting padded with the default suffix so

www.google.com becomes www.google.com.mydomain.com

I noticed that the wireless network is not serving up a default domain and I'm wondering if this could be the problem.  Unfortunately I don't control the wireless so I cannot easily test this theory.


This Discussion