cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1597
Views
5
Helpful
1
Replies

CSCvn28188 - VPN network incorrectly not classified as "domain network" prior to Windows logon

claude_vocat
Level 1
Level 1

Could you please add the reference to the Microsoft patch ?
We see the same symptoms on some of our systems.
And we also observed that the default gateway is set with a delay on newer Anyconnect clients but not with AnyConnect 4.3

1 Reply 1

claude_vocat
Level 1
Level 1

Found this information on Microsoft Support site:
https://support.microsoft.com/en-us/help/4550028/firewall-profile-does-not-switch-to-domain-when-using-third-party-vpn

 

The workaround has one more setting, and the solution describes what should be changed in the VPN client... So Cisco will fix the Anyconnect Client as described ?

 

To work around this issue, disable negative cache to help the NLA service when it retries domain detection. To do this, use the following methods.

  • First, disable Domain Discovery negative cache by adding the NegativeCachePeriod registry key to following subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters

    Name: NegativeCachePeriod
    Type: REG_DWORD
    Value Data: 0 (default value: 45 seconds; set to 0 to disable caching)
  • If issue doesn’t resolve, furtherly disable DNS negative cache by adding the MaxNegativeCacheTtl registry key to the following subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters

    Name: MaxNegativeCacheTtl
    Type: REG_DWORD
    Value Data: 0 (default value: 5 seconds; set to 0 to disable caching)
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: