This article describes an issue where DNS resolution via Pulse VPN tunneling fails if CrowdStrike AV is installed on the client PC.
Problem or Goal
This issue can occur under the following conditions:
Client OS is Windows 10 Redstone 3 build 16199 and lower.
Client OS is Windows 7.
Pulse versions affected:
Pulse Desktop Client 5.3R1 - 5.3R5
Pulse Desktop Client 5.2R7 and above
Pulse Desktop Client 5.1R12 and above
If CrowdStrike AV is installed together with one of the Pulse Secure Desktop client versions listed above on one of the Windows 10 versions listed above, DNS queries via the Pulse VPN tunnel fail.
When the DNS service status is checked in the system services, the service shows as "Stopped" and cannot be restarted manually.
Attempting to flush the DNS from a command prompt using the command ipconfig /flushdns fails because the DNS service is stopped.
The PC needs to be rebooted in order for DNS to start working again.
While the Pulse VPN tunnel is connected, the following registry key is modified:
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Type
Value for Type = 16
(Default Value for Type = 32)
This is a temporary registry modification that Pulse makes to lock the DNS cache so that other applications cannot access it. When Pulse disconnects, the Value for Type is restored to 32.
CrowdStrike AV protects the client PC by binding to the DNS service to prevent attacks from malicious hosts. When the Dnscache is locked by Pulse, attempts made by CrowdStrike to bind to the DNS service cause it to stop working. As a result, DNS registrations, updates to the Dnscache, and flushdns operations stop working.
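The state described above can be checked on a client from a PowerShell prompt. The following is an added example, not part of the original article or of any Pulse or CrowdStrike tooling; the function names are hypothetical, while the registry path, the Type values 16 and 32, and the OS build threshold are taken from this article.

```powershell
# Added example: report whether a client is in the state this article describes.
# Function names are hypothetical; the values 16, 32 and 16199 come from the article.

function Get-DnscacheLockState {
    $keyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache'
    $type    = (Get-ItemProperty -Path $keyPath -Name Type -ErrorAction Stop).Type
    $service = Get-Service -Name Dnscache -ErrorAction Stop
    $os      = [System.Environment]::OSVersion.Version

    # Affected OS per the article: Windows 7, or Windows 10 build 16199 and lower.
    # Version numbers alone do not distinguish client from server editions.
    $isWin7     = ($os.Major -eq 6 -and $os.Minor -eq 1)
    $isOldWin10 = ($os.Major -eq 10 -and $os.Build -le 16199)

    [pscustomobject]@{
        TypeValue     = $type
        ServiceStatus = $service.Status.ToString()
        OsVersion     = $os.ToString()
        AffectedOs    = ($isWin7 -or $isOldWin10)
    }
}

function Get-DnscacheVerdict {
    param([Parameter(Mandatory)] $State)

    $stopped = ($State.ServiceStatus -eq 'Stopped')
    switch ($State.TypeValue) {
        16 {
            if ($stopped) { 'Type = 16 and DNS service stopped: matches the failure described here.' }
            else          { 'Type = 16: DNS cache is locked (tunnel connected), service still running.' }
        }
        32 {
            if ($stopped) { 'Type = 32 (default) but DNS service is stopped.' }
            else          { 'Type = 32 (default) and DNS service running: no lock in place.' }
        }
        default { "Unexpected Type value: $($State.TypeValue)" }
    }
}

$state = Get-DnscacheLockState
$state | Format-List
Get-DnscacheVerdict -State $state
if (-not $state.AffectedOs) {
    'Note: this OS version is not among the affected versions listed in the article.'
}
```

Running it once with the tunnel connected and once after disconnecting shows whether the Type value returns to 32 as expected.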
This issue is resolved in the following Pulse Desktop Client versions:
Pulse Desktop Client 5.3R7 and up
Pulse Desktop Client 9.0R2.1 and up
This is a Pulse Desktop Client fix only and does not require that the Pulse Connect Secure software be upgraded on the appliance.