DNS suffix search list overwritten on VPN reconnect

Posted on 2009-04-24
Last Modified: 2012-08-13
I have several users who use Cisco Systems VPN client to connect to our network from home.  I need them to have a DNS suffix search list with numerous entries in order for them to be able to access all of our intranet pages after they connect.  On most computers, I can specify this information at [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] and the machine will use that information for the search list from that point on (at least after an ipconfig /renew or a restart).  

The problem I am having is that on some machines running Windows 2000 (but not on others), when I disconnect/reconnect from the VPN, the entries that I specified at the location above are overwritten with an incomplete list.  I cannot figure out where the incomplete list is being taken from.  Can anyone give me help on where the incorrect information might be coming from?  I cannot find any plausible registry entries where the information could be stored.  Thanks.
Question by:PTVK
    LVL 5

    Expert Comment

    Have you checked the DHCP server scope that the Cisco is using (so either on the Cisco, if it's doing the DHCP, or on a Windows DHCP server, for example)?
    LVL 76

    Accepted Solution

    To add to what the prior comment addressed: you have to make sure that your VPN configuration pushes out DNS servers along with the IP for the VPN user.  Pushing the search domains might be an option as well.
    How are you modifying the Registry with the VPN process?
    Is this a domain-based system where you have a GPO that pushes the search domains, which goes offsite when the VPN connection is used?
    GPOs are not enforced when the system is outside the LAN; the slow link speed detection mechanism determines whether a DC is nearby and applies the GPO.

    Author Comment

    I don't think that the VPN client normally tries to push search domains down... if it did, do you know where it would be getting the information from?  I know we do not use GPOs to push search domains; instead we use a batch file that is called in our login script to overwrite the key I mentioned above, which at least on restart should result in the full suffix list populating.  The really strange behavior in this case is that when I manually overwrite the key(s) that hold the suffix list, they are somehow replaced with incorrect information when I merely disconnect/reconnect the VPN client, and I cannot figure out what is doing it.  I do not know how the VPN process modifies the registry; I cannot find settings related to that.

    This problem persists through reinstalls of VPN clients that are identical to the version in PCs that do not exhibit this behavior.
    LVL 76

    Assisted Solution

    The VPN client pushes nothing. You need to configure your Cisco VPN server to push the LAN DNS servers as part of the VPN policy.  Often the VPN DNS servers will be queried.  Not sure whether you can push search domains through the same mechanism.

    The above provides an example which you could use in configuring your VPN policy. I.e. define the default domain and then the list of other domains that should be queried through your LAN DNS servers.
    Registry alterations might get flushed when the VPN is not present and the DNS handling in Windows cycles through trying to resolve a host with the search suffix.  When the VPN is not present, those domains are seen as non-existent, and it would seem reasonable that, to speed up future queries, domains that do not exist should not be checked again.
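The thread leaves two open points: the asker's login-script batch file rewrites the `SearchList` value blindly, and the last comment speculates that something rewrites it around VPN connect/disconnect. A check that records what the value actually contains at a given moment, and only restores it when it has drifted, narrows down when the change happens. The script below is an added illustration of that check, not code from the thread or from Cisco; it is written in PowerShell, which is not available on the Windows 2000 machines in the question, so it applies to later Windows versions. The suffix names and the log path are placeholders; the registry key and the `SearchList` value name are the ones discussed above.

```powershell
# Added example (not from the original thread): compare the machine-wide DNS
# suffix search list with the expected list, log the result, and restore the
# list only when it has drifted. Run it before and after a VPN connect or
# disconnect to see when the value changes.

# Placeholder suffixes; replace with the organisation's real list.
$ExpectedSuffixes = @('corp.example', 'intranet.example', 'lab.example')
# Registry location named in the question; SearchList is a comma-separated REG_SZ.
$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
# Placeholder log location.
$LogFile = Join-Path $env:SystemRoot 'Temp\SearchList-check.log'

function Get-CurrentSearchList {
    # Returns the suffixes currently in SearchList as an array (empty if unset).
    $value = (Get-ItemProperty -Path $KeyPath -Name 'SearchList' -ErrorAction SilentlyContinue).SearchList
    if ([string]::IsNullOrEmpty($value)) { return @() }
    return @($value -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
}

function Compare-SearchList {
    # Reports which expected suffixes are missing and which unexpected ones are present.
    param([string[]]$Current, [string[]]$Expected)
    $missing = @($Expected | Where-Object { $Current -notcontains $_ })
    $extra   = @($Current  | Where-Object { $Expected -notcontains $_ })
    [pscustomobject]@{
        Missing = $missing
        Extra   = $extra
        InSync  = ($missing.Count -eq 0 -and $extra.Count -eq 0)
    }
}

$current = Get-CurrentSearchList
$diff    = Compare-SearchList -Current $current -Expected $ExpectedSuffixes
$stamp   = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'

if ($diff.InSync) {
    Add-Content -Path $LogFile -Value "$stamp OK SearchList=$($current -join ',')"
} else {
    # Record exactly what was found before touching it, so the log shows what
    # the list looked like at the moment of drift.
    Add-Content -Path $LogFile -Value ("$stamp DRIFT current=$($current -join ',') " +
        "missing=$($diff.Missing -join ',') extra=$($diff.Extra -join ',')")
    # Same effect as the batch file in the question, but only when needed.
    Set-ItemProperty -Path $KeyPath -Name 'SearchList' -Value ($ExpectedSuffixes -join ',')
    Add-Content -Path $LogFile -Value "$stamp RESTORED SearchList=$($ExpectedSuffixes -join ',')"
}
```

Writing to `HKLM` requires an elevated session, so the restore step only works when the script runs as an administrator; the read-and-log part works from a normal session and is enough to timestamp when the list changes. Comparing the log timestamps against the VPN client's own connect/disconnect times is what tells you whether the rewrite coincides with the tunnel coming up or going down.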
