Found this information on the Microsoft Support site:
https://support.microsoft.com/en-us/help/4550028/firewall-profile-does-not-switch-to-domain-when-using-third-party-vpn
The workaround has one more setting, and the solution describes what should be changed in the VPN client... So Cisco will fix the AnyConnect Client as described?
To work around this issue, disable negative cache to help the NLA service when it retries domain detection. To do this, use the following methods.
- First, disable Domain Discovery negative cache by adding the NegativeCachePeriod registry key to the following subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters
Name: NegativeCachePeriod
Type: REG_DWORD
Value Data: 0 (default value: 45 seconds; set to 0 to disable caching)
- If the issue doesn’t resolve, further disable DNS negative cache by adding the MaxNegativeCacheTtl registry key to the following subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
Name: MaxNegativeCacheTtl
Type: REG_DWORD
Value Data: 0 (default value: 5 seconds; set to 0 to disable caching)
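
The two steps of the quoted workaround as a PowerShell script. This is an added example, not code from the Microsoft article or from Cisco; the `-Apply` and `-IncludeDnsCache` switches are names chosen for this example. Without `-Apply` it only reports the current values, and it ends by listing the network category assigned to each connection so the result can be checked.

```powershell
#Requires -RunAsAdministrator
# Added example: audit and optionally set the two negative-cache values
# named in the workaround. Switch names are assumptions of this example.
param(
    [switch]$IncludeDnsCache,  # second step, only if the first did not resolve the issue
    [switch]$Apply             # without this switch the script changes nothing
)

# Step 1: Netlogon domain discovery negative cache (default 45 seconds)
$settings = @(
    @{ Path  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters'
       Name  = 'NegativeCachePeriod'
       Value = 0 }
)

# Step 2: DNS client negative cache (default 5 seconds)
if ($IncludeDnsCache) {
    $settings += @{ Path  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
                    Name  = 'MaxNegativeCacheTtl'
                    Value = 0 }
}

foreach ($s in $settings) {
    # A missing value yields $null, meaning the built-in default is in effect
    $current = (Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue).($s.Name)
    $shown   = if ($null -eq $current) { '<not set>' } else { $current }
    Write-Output ("{0}\{1}: current={2}, wanted={3}" -f $s.Path, $s.Name, $shown, $s.Value)

    if ($Apply -and $current -ne $s.Value) {
        # REG_DWORD, as specified in the workaround; -Force overwrites an existing value
        New-ItemProperty -Path $s.Path -Name $s.Name -PropertyType DWord `
                         -Value $s.Value -Force | Out-Null
        Write-Output '  -> value written'
    }
}

# A connection that NLA detected as the domain network shows
# NetworkCategory = DomainAuthenticated; Public or Private means the
# domain firewall profile is not the one in effect on that interface.
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, Name, NetworkCategory
```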