KB43805 - Windows 10 network adapter has a status of "No Internet Access" after a VPN tunnel is created using split tunneling disabled

This article describes an issue with Windows 10 in which the network adapter status displays "No Internet Access" after a VPN tunnel is created using split tunneling disabled

On Windows 10, once the Pulse VPN tunnel setup is complete and VPN tunnel connectivity is established, on a role with split tunneling disabled, Windows 10 may display "No Internet Access" for the status of the network adapter:



When this happens, applications that rely on this network connectivity status check, such as Office 365 and the Microsoft App Store, will fail to connect

When a network configuration change is detected, Windows will use the Network Connection Status Indicator (NCSI) technology to:

• Check the connectivity to the Intranet
• Check the connectivity to the Internet

NCSI determines connectivity using the following process:  

1. The adapter will send a DNS query for www.msftconnecttest.com and www.ipv6.msftconnecttest.com(for dual stack machines)
2. If successful, an http GET request is sent for www.msftconnecttest.com/connecttest.txt.
3. If the client receives an HTTP 200 OK response, NCSI sends a standard DNS query for an A record of dns.msftncsi.com and subsequently a standard DNS query is sent for an AAAA record of dns.msftncsi.com.

If the DNS request in step 1 fails, or the HTTP response is anything other than HTTP 200 OK in step 2, then the LAN adapter and/or the Pulse virtual adapter will display a status of "No Internet access" and applications such as Microsoft Office 365 will report network access failures and not connect.

To resolve this issue, please upgrade to Pulse Desktop Client 9.1R9 and above.

Based on the Microsoft article, Pulse Desktop Client will change the registry setting for negative dns caching to 0 when the tunnel is created and restore the value back once the tunnel is destroyed.