Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, July 31, 2019 8:29 AM
Hi there,
We are in the middle of a POC for AlwaysOn VPN.
We are having issues troubleshooting what we believe to be a NRPT issue.
NRPT rules are being deployed as part of our VPN config via Microsoft Intune and we can confirm the rules are being received by running the following command on the client.
Get-DnsClientNrptRule
#example output from Get-DnsClientNrptRuleName : VPN Connection
Version : 2
Namespace : {.service.sec.private}
DirectAccessEnabled : False
NameServers : {10.99.10.10,10.99,11.10}
DnsSecEnabled : False
NameEncoding : Disable
However we are not seeing any settings configured when running the following command after the vpn has connected.
Get-DnsClientNrptPolicy
We have confirmed that connectivity is not an issue as we are able to perform an nslookup against the NRPT namespace when specifying the configured DNS Server
nslookup service.sec.private 10.99.10.10
Server: ip-10-99-10-10-.xxxxx
Address: 10.99.10.10
Non-authoritative Answer
Name: service.sec.private
Addresses: 10.200.9.157
Is this correct that "Get-DnsClientNrptPolicy" being blank is indicative of a non active NRPT? how do we troubleshoot why the NRPT is not being applied?
Thanks
All replies (4)
Thursday, August 1, 2019 2:25 AM
Hi,
"Get-DnsClientNrptPolicy" should return IP addresses of NameServers.
For your reference:
https://directaccess.richardhicks.com/2018/05/29/always-on-vpn-client-dns-server-configuration/
To enable the NRPT for Windows 10 Always On VPN, edit the ProfileXML to include the DomainNameInformation element.
For your reference:
Best regards,
Travis
Please remember to mark the replies as an answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected]
Tuesday, August 6, 2019 8:13 AM
Hi,
Just checking in to see if the information provided was helpful.
Please let us know if you would like further assistance.
Best Regards,
Travis
Please remember to mark the replies as an answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected]
Friday, August 9, 2019 3:30 AM
Hi Travis,
Get-DnsClientNrptPolicy only results in configuration applied by the NRPT Group Policies.
Get-DnsClientNrptRules only results in configuration applied via CSP or Intune Portal NRPT Settings.
we are in the middle of a deployment and have noticed this behavior, further NRPT rules applied via Intune/CSP are not actually taking affect at all even when confirmed by the presence of the rules from Get-DnsClientNrptRules.
Can anyone else confirm this behaviour?
Monday, August 12, 2019 2:45 AM
Hi,
I am trying to involve someone familiar with this topic to further look at this issue.
If we have any updates or any thoughts about this issue, we will keep you posted as soon as possible.
Best regards,
Travis
Please remember to mark the replies as an answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected]