P2S Client Dynamic DNS Registration
Point-to-Site (P2S) VPN Clients do not register DNS against VNet DNS Servers when connecting to VPN. This is supported by other VPN clients and should be supported by Azure.
Expected Result: When a client connects to Azure P2S VPN, the client should initiate a Dynamic DNS Registration towards the VNet-defined DNS servers to register myhostname.mydomain.local with the IP address received via the VPN tunnel.
This function is currently not supported, per this document:
Kenneth Edwards commented
This affects the function of Config Mgr Remote control when using Azure VPN. Microsoft should address that immediately.
Richard Austin commented
Having the same issue as you all, I have found the start of a way to get this going.
Not saying it's perfect and would love a better solution but it is so far working for me in my testing.
Basically a PowerShell script that grabs the IP address of the PPP connection to Azure VPN and clears out any existing DNS entries for that device and adds its own.
Haven't put any conditions on yet such as if connected etc but it's a starter for 10. Edit - added a condition to only add if the connection is live and has an IP address.
#Requires the DnsServer module (RSAT DNS tools) and rights to edit the zone
#Get the IP address from the Azure VPN PPP connection if connected - Change InterfaceAlias to your connection name
$ip = $null
$ip = Get-NetIPAddress -InterfaceAlias VPNname -AddressFamily IPv4 -ErrorAction SilentlyContinue | Select-Object -ExpandProperty IPAddress
#Only touch DNS if the connection is live and has an IP address
if ($ip) {
    #Remove any existing records for the computer name - Change DNSServer and Zone Name to your setup
    Remove-DnsServerResourceRecord -ComputerName "DNSServer" -ZoneName "contoso.com" -RRType "A" -Name $env:computername -Force
    #Add new record based on the IP address of the PPP connection with an 8 hour TTL - Change DNSServer and Zone Name to your setup
    #Note: -AllowUpdateAny lets any authenticated user update this record
    Add-DnsServerResourceRecordA -ComputerName "DNSServer" -Name $env:computername -ZoneName "contoso.com" -AllowUpdateAny -IPv4Address $ip -TimeToLive 08:00:00
}
James Wood commented
We just came across this issue. As noted, other VPN clients update Windows DNS correctly. We have tested this with the Cisco AnyConnect client successfully with our on-premise ASA. Anyone try forcing the update via a script or using a different firewall/vpn concentrator hosted in the Azure cloud? A virtual Cisco NGFWv?
James Coburn commented
I am astonished this isn't a feature yet. Has anyone got a workaround?
Hi, has anyone used a different VPN client? Using this client in a hybrid Azure model causes a management headache if you use SCCM or Ivanti to co-manage the devices.
Vik Bhakta commented
Same issues. No workaround has been found.
Hi, has anyone come up with a good workaround for this or used an alternative VPN client?
D'ali' Marco commented
We had the same problem. The device tunnel interface with AOVPN profile (SKU VpnGw4) registers with the LAN/Wi-Fi physical NIC and not the Azure VPN NIC.
Patryk Roliow commented
We have the same problem that the clients Azure VPN is registering with the wrong NIC. It registers with the LAN/Wi-Fi physical NIC and not the Azure VPN NIC. Even when you click in the box that it should register, it still does not do that.
That is a big issue, as reverse lookup is pointing to the wrong IP, not provided by the VPN services.
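A check for the symptom described in the last two comments, added here as an example and not posted by anyone in the thread: it compares the A and PTR records held by the DNS server with the address on the VPN interface and shows which local NIC owns each registered address. `VPNname`, `DNSServer` and `contoso.com` are the placeholders from the script earlier in the thread, and `Test-VpnDnsRegistration` is a hypothetical helper name.

```powershell
# Added example; interface alias, DNS server and zone are placeholders to change.
function Test-VpnDnsRegistration {
    param(
        [string]$VpnAlias  = 'VPNname',
        [string]$DnsServer = 'DNSServer',
        [string]$Zone      = 'contoso.com'
    )
    $fqdn = "$env:COMPUTERNAME.$Zone"

    # IPv4 address assigned to the VPN interface; empty when the tunnel is down.
    $vpnIp = Get-NetIPAddress -InterfaceAlias $VpnAlias -AddressFamily IPv4 -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty IPAddress -First 1

    # A records the DNS server currently holds for this host (empty on NXDOMAIN).
    $aRecords = @(Resolve-DnsName -Name $fqdn -Type A -Server $DnsServer -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' } | Select-Object -ExpandProperty IPAddress)

    # Map each registered address to the local interface that owns it, which
    # exposes a record published from the LAN/Wi-Fi NIC instead of the tunnel.
    $owners = foreach ($addr in $aRecords) {
        $nic = Get-NetIPAddress -IPAddress $addr -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Address   = $addr
            Interface = if ($nic) { $nic.InterfaceAlias } else { 'not a local address (stale?)' }
        }
    }

    # Reverse lookup of the tunnel address should point back to this host.
    $ptr = if ($vpnIp) {
        Resolve-DnsName -Name $vpnIp -Type PTR -Server $DnsServer -DnsOnly -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'PTR' } | Select-Object -ExpandProperty NameHost
    }

    [pscustomobject]@{
        Fqdn             = $fqdn
        VpnAddress       = $vpnIp
        RegisteredA      = $owners
        ForwardMatches   = [bool]($vpnIp -and ($aRecords -contains $vpnIp))
        ReverseMatches   = [bool]($ptr -and ($ptr -contains $fqdn))
        # Per-interface "register this connection's addresses in DNS" setting
        RegisterSettings = Get-DnsClient | Select-Object InterfaceAlias, RegisterThisConnectionsAddress
    }
}

Test-VpnDnsRegistration | Format-List
```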