DNS Issues with AnyConnect 2.4 on Windows 7 64-bit?

etamminga
Spotlight

Hi,

My corporate laptop, Windows 7 64-bit, is connected to the head office using AnyConnect 2.4.0202 to a Cisco ASA 8.0(4).

Once connected I've been unable to query all non-A-type records. And because Active Directory heavily relies on SRV records for Kerberos and LDAP you probably understand I have big issues. Example: Outlook won't connect, file sharing won't trust my integrated security token and policies from AD are not applied.

I did some Wireshark capturing and found out that, most likely, the AnyConnect software is responding to DNS requests with "No such name" responses to my queries. Only A records seem to succeed. Whatever corporate DNS server I try to use when resolving, they all (even including non-existing servers!!) respond with "No such name", within 0,0001 seconds on a link with 10ms latency. This makes me think there is a problem with AnyConnect.

I have several colleagues using Windows 7 32-bit with no problem.

Does any of the above sound familiar and is there a known solution to this?

Regards,

Erik Tamminga
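The timing argument in the post above can be applied to any capture. The following is an added example, not part of the original thread: it flags DNS replies that arrive faster than one round trip on the link and checks whether every failed lookup falls into that group. The addresses, record list and exact timings are constructed sample data, and the reply-code strings follow Wireshark's display names.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DnsReply:
    server: str    # address the query was sent to
    qtype: str     # record type asked for, e.g. "A" or "SRV"
    rcode: str     # reply code as Wireshark displays it
    rtt_s: float   # seconds between query and reply in the capture

def too_fast(reply, link_rtt_s):
    """A reply cannot legitimately arrive sooner than one link round trip."""
    return reply.rtt_s < link_rtt_s

def diagnose(replies, link_rtt_s):
    """Summarise a capture: which record types fail, and whether the
    failures were answered before the real server could have replied."""
    failures = [r for r in replies if r.rcode != "No error"]
    fast = [r for r in replies if too_fast(r, link_rtt_s)]
    return {
        "ok_types": sorted({r.qtype for r in replies if r.rcode == "No error"}),
        "failed_types": sorted({r.qtype for r in failures}),
        "fast_servers": sorted({r.server for r in fast}),
        # True when every failure came back too quickly to have crossed the
        # link, which points at something on the client answering instead.
        "failures_answered_locally": bool(failures)
        and all(too_fast(r, link_rtt_s) for r in failures),
    }

# Constructed sample: 192.0.2.0/24 is a documentation range. Here .10 and .11
# stand in for corporate DNS servers and .250 for an address with no server.
LINK_RTT_S = 0.010
SAMPLE = [
    DnsReply("192.0.2.10", "A", "No error", 0.0112),
    DnsReply("192.0.2.10", "SRV", "No such name", 0.0001),
    DnsReply("192.0.2.11", "SRV", "No such name", 0.0001),
    DnsReply("192.0.2.250", "SRV", "No such name", 0.0001),
    DnsReply("192.0.2.10", "MX", "No such name", 0.0001),
]

if __name__ == "__main__":
    for key, value in diagnose(SAMPLE, LINK_RTT_S).items():
        print(f"{key}: {value}")
```

A reply attributed to an address where no DNS server exists, combined with a sub-millisecond response time, is the strongest signal in the summary, because neither can originate on the far side of the tunnel.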

7 Replies

I am having the exact same issue. Does this go away if you turn off split tunneling?

I have not been able to test this. Have you? The firewall is not under my control.

Removing split tunneling did not help. I reverted to version 2.3.2016 for the AnyConnect client and it works perfectly. Must be a bug in 2.4.

ctuska
Level 1

I am also having the same issue, and have also put in a Cisco TAC case on the issue. Will keep you posted with what TAC says.

ctuska
Level 1

Erik,

Do you mind sending me the data you have so I can forward it to Cisco TAC? Or email me and I will shoot you over the TAC case number.

Tuska

Did anyone ever find the solution to this issue? I am having a similar problem but with a secondary DNS name inside the organization.

Thanks.

I am having a similar problem but only on my company Cisco wireless network. Everything works fine on wired connections, my wireless at home and my Sprint air card.

I am using an ASA 5510.  I have split tunneling and split DNS set up.  The VPN works perfectly on the Cisco wireless with Windows XP and Windows 7 32-bit.  I can access both internal and external sites by name.

On Windows 7 64-bit I can only access internal sites by name.  I can resolve names in my default VPN domain but not in other domains.

When on the VPN it looks like the DNS request is getting padded with the default suffix so

www.google.com becomes www.google.com.mydomain.com

I noticed that the wireless network is not serving up a default domain and I'm wondering if this could be the problem.  Unfortunately I don't control the wireless so I cannot easily test this theory.
