DNS Resolution stops after windows computer is locked
I'm having an issue where users on both the Web plugin as well as the Windows Edge client are unable to resolve DNS after having their computer locked for a bit of time (usually less than 10 minutes). Everything will work fine up until then.
Going through the routing logs I see and entry for a 54.192.139.189 IP like this:
54.192.139.189 255.255.255.255 10.0.0.1 10.0.0.93 29
I also see the following log entry in the EdgeClientLog.txt file:
2017-01-29,19:40:53:891, 5640,5296,DIALER, 48, , 197, UIpForwardTable::PatchRouteTable, Patch route (public: 1) ======> 54.192.139.189 255.255.255.255 172.19.149.147
2017-01-29,19:40:53:891, 5640,5296,DIALER, 48, , 257, UIpForwardTable::PatchRouteTable(), Trying to add public route, 54.192.139.189, 255.255.255.255
2017-01-29,19:40:53:891, 5640,5296,DIALER, 48, , 2684, UIpForwardTable::CheckForGateway(), gateway found (10.232.105.1) on invalid interface (14)
2017-01-29,19:40:53:891, 5640,5296,DIALER, 48, , 3036, UIpForwardTable::GetBestRouteToDestination, Route to 54.192.139.189 found at removed routes, R:NF--------:--------
2017-01-29,19:40:53:891, 5640,5296,DIALER, 48, , 263, UIpForwardTable::PatchRouteTable(), Route in local subnet, 0
2017-01-29,19:40:53:896, 5640,5296,DIALER, 48, , 165, DetectCaptivePortal, Trying to download a file over HTTP (URL), http://54.192.139.189/product/avail.txt
I have the DNS relay proxy already enabled. It seems like when the computer comes back from being locked it forgets to use our internal DNS servers and reverts back to the local DNS servers. In the access policy I have it set to not allow local DNS. I have allowed it in the past, but that did not fix the issue.
I also found these lines in the log relating to the DNS Relay Proxy:
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1320, DNSRelayProxy::ReconfigureRelays, Set access deny for 8.8.8.8:53
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1320, DNSRelayProxy::ReconfigureRelays, Set access deny for 8.8.4.4:53
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1320, DNSRelayProxy::ReconfigureRelays, Set access deny for [fec0:0:0:ffff::1%1]:53
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1320, DNSRelayProxy::ReconfigureRelays, Set access deny for [fec0:0:0:ffff::2%1]:53
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1320, DNSRelayProxy::ReconfigureRelays, Set access deny for [fec0:0:0:ffff::3%1]:53
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1416, DNSRelayProxy::ReconfigureRelays, Configure domain suffixes
2017-01-27,20:27:59:666, 2300,6216,, 48, , 2568, DNSRelayProxy::ThreadImpersonate, Thread impersonated.
2017-01-27,20:27:59:666, 2300,6216,, 2, \m_sys.cpp, 313, ::FlushDNS, Failed to open 'DNS Client' service (error: 5 (0x5) Access is denied.)
2017-01-27,20:27:59:729, 2300,6216,, 48, , 2049, DNSRelayProxy::ProcessRequest, received packet (43 bytes) from 127.0.0.1:59755 to 8.8.8.8:53
2017-01-27,20:27:59:729, 2300,6216,, 48, , 2108, DNSRelayProxy::ProcessRequest, Query for teredo.ipv6.microsoft.com type 1 class 1
2017-01-27,20:27:59:729, 2300,6216,, 48, , 2362, DNSRelayProxy::ForwardDNSRequest, Query matches the pattern
2017-01-27,20:27:59:729, 2300,6216,, 48, , 2231, DNSRelayProxy::FindAndSetDNSRelay, redirect to NA DNS
2017-01-27,20:27:59:729, 2300,6216,, 48, , 2424, DNSRelayProxy::ForwardDNSRequest, Cannot find server to forward reqeust. Drop request. Original destination 8.8.8.8:53
2017-01-27,20:27:59:744, 2300,5500,, 48,,,, FltServiceRemoveExcludedDomainNames: entering...
2017-01-27,20:27:59:744, 2300,6216,, 48, , 2585, DNSRelayProxy::ThreadRevertToSelf, Impersonatation reverted.
2017-01-27,20:27:59:760, 2300,5500,, 48, \m_sys.cpp, 327, ::FlushDNS, 'DNS Client' service notified on configuration change. (state, exit code), SERVICE_RUNNING, 0 (0x0) The operation completed successfully.
2017-01-27,20:27:59:760, 2300,6216,, 48, , 1065, DNSRelayProxy::ReconfigureRelays, adapter: Wireless Network Connection, type: 71
2017-01-27,20:27:59:760, 2300,6216,, 48, , 1107, DNSRelayProxy::ReconfigureRelays, next DNS server is: 8.8.8.8:53
2017-01-27,20:27:59:760, 2300,6216,, 48, , 1118, DNSRelayProxy::ReconfigureRelays, Relay for 8.8.8.8:53 already created
I have an open case with F5 support, but as of yet there has been no possible solutions. I'm fairly new in the F5 world, and would appreciate any guidance that can be provided!