KB43856 - VPN Tunneling DNS resolution fails when CrowdStrike AntiVirus is installed

Last Modified Date: 8/17/2018 12:20 AM
Synopsis
This article describes an issue where DNS resolution via Pulse VPN tunneling fails if CrowdStrike AV is installed on the client PC.  
Problem or Goal
This issue can occur under the following conditions:
  • Client OS is Windows 10 Redstone 3 build 16199 and lower.
  • Client OS is Windows 7.
  • Pulse versions affected: 
    • Pulse Desktop Client 5.3R1 - 5.3R5
    • Pulse Desktop Client 5.2R7 and above
    • Pulse Desktop Client 5.1R12 and above
  • If CrowdStrike AV is installed together with a Pulse Secure Desktop Client version listed above on the Windows 10 versions listed above, DNS queries via the Pulse VPN tunnel fail.
  • In the Windows services list, the DNS service shows as "Stopped" and cannot be restarted manually.
  • Attempting to flush the DNS from a command prompt using the command ipconfig /flushdns fails because the DNS service is stopped.  
  • The PC needs to be rebooted in order for DNS to start working again.
Cause
While the Pulse VPN tunnel is connected, the following registry key is modified:

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Type
Value for Type = 16

(Default Value for Type = 32)

This is a temporary modification to the registry by Pulse to lock the DNS cache so that other applications cannot access it. Upon disconnecting with Pulse, the Value for Type is restored to 32.

CrowdStrike AV protects the client PC by binding to the DNS service to prevent attacks from malicious hosts. When the Dnscache is locked by Pulse, attempts by CrowdStrike to bind to the DNS service cause the service to stop working. As a result, DNS registrations, updates to the Dnscache, and flushdns operations stop working.
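
One way to check a client for the state described above, as an added example that is not part of the original article and is not Pulse Secure or CrowdStrike code. It reads the Type value and the Dnscache service status named in the article; the function name and the test hostname intranet.example.com are assumptions.

```powershell
# Added diagnostic example (not vendor code). Requires PowerShell 3.0 or later.
function Get-DnscacheTunnelState {
    [CmdletBinding()]
    param(
        # Registry location named in the article.
        [string]$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache',
        # Assumption: placeholder for a name that should resolve through the tunnel.
        [string]$TestName = 'intranet.example.com'
    )

    $type = (Get-ItemProperty -Path $KeyPath -Name Type -ErrorAction Stop).Type
    $svc  = Get-Service -Name Dnscache -ErrorAction Stop

    # Try a lookup; .NET is used so this also works where Resolve-DnsName is absent.
    $resolved = $true
    try   { [void][System.Net.Dns]::GetHostAddresses($TestName) }
    catch { $resolved = $false }

    # Values 32 and 16 are the ones the article documents.
    $typeNote = switch ($type) {
        32      { 'default value' }
        16      { 'value set by Pulse while the tunnel is connected' }
        default { 'value not described in the article' }
    }

    $finding = if ($svc.Status -eq 'Stopped') {
        'Dnscache is stopped: matches the symptom; check the Pulse client version'
    } elseif ($type -eq 16) {
        'Dnscache is running with Type 16: expected only while the tunnel is connected'
    } else {
        "Dnscache is running; Type is $type"
    }

    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        TypeValue     = $type
        TypeNote      = $typeNote
        ServiceStatus = $svc.Status
        NameResolved  = $resolved
        Finding       = $finding
    }
}

Get-DnscacheTunnelState | Format-List
```

A Type of 16 that persists after the tunnel is disconnected means the value was not restored to 32 as the article describes.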
 
Solution
This issue is resolved in the following Pulse Desktop Client versions:
  • Pulse Desktop Client 5.3R7 and up
  • Pulse Desktop Client 9.0R2.1 and up

This is a Pulse Desktop Client fix only and does not require that the Pulse Connect Secure software be upgraded on the appliance.
Created By: Vignesh Ramanan