DNS Resolution stops after windows computer is locked

Question

I'm having an issue where users on both the Web plugin as well as the Windows Edge client are unable to resolve DNS after having their computer locked for a bit of time (usually less than 10 minutes). Everything will work fine up until then.&nbsp;Going through the routing logs I see and entry for a 54.192.139.189 IP like this:&nbsp;54.192.139.189 255.255.255.255 10.0.0.1 10.0.0.93 29&nbsp;I also see the following log entry in the EdgeClientLog.txt file:&nbsp;2017-01-29,19:40:53:891, 5640,5296,DIALER, 48, , 197, UIpForwardTable::PatchRouteTable, Patch route (public: 1) ======&gt; 54.192.139.189 255.255.255.255 172.19.149.147 
2017-01-29,19:40:53:891, 5640,5296,DIALER, 48, , 257, UIpForwardTable::PatchRouteTable(), Trying to add public route, 54.192.139.189, 255.255.255.255 
2017-01-29,19:40:53:891, 5640,5296,DIALER, 48, , 2684, UIpForwardTable::CheckForGateway(), gateway found (10.232.105.1) on invalid interface (14) 
2017-01-29,19:40:53:891, 5640,5296,DIALER, 48, , 3036, UIpForwardTable::GetBestRouteToDestination, Route to 54.192.139.189 found at removed routes, R:NF--------:-------- 
2017-01-29,19:40:53:891, 5640,5296,DIALER, 48, , 263, UIpForwardTable::PatchRouteTable(), Route in local subnet, 0 
2017-01-29,19:40:53:896, 5640,5296,DIALER, 48, , 165, DetectCaptivePortal, Trying to download a file over HTTP (URL), http://54.192.139.189/product/avail.txtI have the DNS relay proxy already enabled. It seems like when the computer comes back from being locked it forgets to use our internal DNS servers and reverts back to the local DNS servers. In the access policy I have it set to not allow local DNS. I have allowed it in the past, but that did not fix the issue.&nbsp;I also found these lines in the log relating to the DNS Relay Proxy:&nbsp;2017-01-27,20:27:59:666, 2300,6216,, 48, , 1320, DNSRelayProxy::ReconfigureRelays, Set access deny for 8.8.8.8:53 
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1320, DNSRelayProxy::ReconfigureRelays, Set access deny for 8.8.4.4:53 
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1320, DNSRelayProxy::ReconfigureRelays, Set access deny for [fec0:0:0:ffff::1%1]:53 
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1320, DNSRelayProxy::ReconfigureRelays, Set access deny for [fec0:0:0:ffff::2%1]:53 
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1320, DNSRelayProxy::ReconfigureRelays, Set access deny for [fec0:0:0:ffff::3%1]:53 
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1416, DNSRelayProxy::ReconfigureRelays, Configure domain suffixes 
2017-01-27,20:27:59:666, 2300,6216,, 48, , 2568, DNSRelayProxy::ThreadImpersonate, Thread impersonated. 
2017-01-27,20:27:59:666, 2300,6216,, 2, \m_sys.cpp, 313, ::FlushDNS, Failed to open 'DNS Client' service (error: 5 (0x5) Access is denied.) 
2017-01-27,20:27:59:729, 2300,6216,, 48, , 2049, DNSRelayProxy::ProcessRequest, received packet (43 bytes) from 127.0.0.1:59755 to 8.8.8.8:53 
2017-01-27,20:27:59:729, 2300,6216,, 48, , 2108, DNSRelayProxy::ProcessRequest, Query for teredo.ipv6.microsoft.com type 1 class 1 
2017-01-27,20:27:59:729, 2300,6216,, 48, , 2362, DNSRelayProxy::ForwardDNSRequest, Query matches the pattern 
2017-01-27,20:27:59:729, 2300,6216,, 48, , 2231, DNSRelayProxy::FindAndSetDNSRelay, redirect to NA DNS 
2017-01-27,20:27:59:729, 2300,6216,, 48, , 2424, DNSRelayProxy::ForwardDNSRequest, Cannot find server to forward reqeust. Drop request. Original destination 8.8.8.8:53 
2017-01-27,20:27:59:744, 2300,5500,, 48,,,, FltServiceRemoveExcludedDomainNames: entering... 
2017-01-27,20:27:59:744, 2300,6216,, 48, , 2585, DNSRelayProxy::ThreadRevertToSelf, Impersonatation reverted. 
2017-01-27,20:27:59:760, 2300,5500,, 48, \m_sys.cpp, 327, ::FlushDNS, 'DNS Client' service notified on configuration change. (state, exit code), SERVICE_RUNNING, 0 (0x0) The operation completed successfully. 
2017-01-27,20:27:59:760, 2300,6216,, 48, , 1065, DNSRelayProxy::ReconfigureRelays, adapter: Wireless Network Connection, type: 71 
2017-01-27,20:27:59:760, 2300,6216,, 48, , 1107, DNSRelayProxy::ReconfigureRelays, next DNS server is: 8.8.8.8:53 
2017-01-27,20:27:59:760, 2300,6216,, 48, , 1118, DNSRelayProxy::ReconfigureRelays, Relay for 8.8.8.8:53 already createdI have an open case with F5 support, but as of yet there has been no possible solutions. I'm fairly new in the F5 world, and would appreciate any guidance that can be provided!&nbsp;

utahman3431_307 · Answer

Here's the full DNSRelayProxy ReconfigureRelays section:&nbsp;2017-01-27,20:27:59:650, 2300,6216,, 48, , 2585, DNSRelayProxy::ThreadRevertToSelf, Impersonatation reverted.
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1065, DNSRelayProxy::ReconfigureRelays, adapter: Wireless Network Connection, type: 71
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1107, DNSRelayProxy::ReconfigureRelays, next DNS server is: 8.8.8.8:53
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1118, DNSRelayProxy::ReconfigureRelays, Relay for 8.8.8.8:53 already created
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1107, DNSRelayProxy::ReconfigureRelays, next DNS server is: 8.8.4.4:53
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1118, DNSRelayProxy::ReconfigureRelays, Relay for 8.8.4.4:53 already created
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1065, DNSRelayProxy::ReconfigureRelays, adapter: Bluetooth Network Connection, type: 6
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1073, DNSRelayProxy::ReconfigureRelays, adapter 'is not operational, state: 2, Skip
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1065, DNSRelayProxy::ReconfigureRelays, adapter: VirtualBox Host-Only Network, type: 6
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1107, DNSRelayProxy::ReconfigureRelays, next DNS server is: [fec0:0:0:ffff::1%1]:53
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1118, DNSRelayProxy::ReconfigureRelays, Relay for [fec0:0:0:ffff::1%1]:53 already created
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1107, DNSRelayProxy::ReconfigureRelays, next DNS server is: [fec0:0:0:ffff::2%1]:53
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1118, DNSRelayProxy::ReconfigureRelays, Relay for [fec0:0:0:ffff::2%1]:53 already created
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1107, DNSRelayProxy::ReconfigureRelays, next DNS server is: [fec0:0:0:ffff::3%1]:53
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1118, DNSRelayProxy::ReconfigureRelays, Relay for [fec0:0:0:ffff::3%1]:53 already created
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1065, DNSRelayProxy::ReconfigureRelays, adapter: VirtualBox Host-Only Network 2, type: 6
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1107, DNSRelayProxy::ReconfigureRelays, next DNS server is: [fec0:0:0:ffff::1%1]:53
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1118, DNSRelayProxy::ReconfigureRelays, Relay for [fec0:0:0:ffff::1%1]:53 already created
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1107, DNSRelayProxy::ReconfigureRelays, next DNS server is: [fec0:0:0:ffff::2%1]:53
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1118, DNSRelayProxy::ReconfigureRelays, Relay for [fec0:0:0:ffff::2%1]:53 already created
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1107, DNSRelayProxy::ReconfigureRelays, next DNS server is: [fec0:0:0:ffff::3%1]:53
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1118, DNSRelayProxy::ReconfigureRelays, Relay for [fec0:0:0:ffff::3%1]:53 already created
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1065, DNSRelayProxy::ReconfigureRelays, adapter: Loopback Pseudo-Interface 1, type: 24
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1068, DNSRelayProxy::ReconfigureRelays, loopback adapter, skip
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1065, DNSRelayProxy::ReconfigureRelays, adapter: isatap.myDNSSuffix, type: 131
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1073, DNSRelayProxy::ReconfigureRelays, adapter 'is not operational, state: 2, Skip
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1065, DNSRelayProxy::ReconfigureRelays, adapter: Local Area Connection* 11, type: 131
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1073, DNSRelayProxy::ReconfigureRelays, adapter 'is not operational, state: 2, Skip
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1065, DNSRelayProxy::ReconfigureRelays, adapter: isatap.{DC4ACDD4-C3F5-4EDE-BCD5-8C1282177CE0}, type: 131
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1073, DNSRelayProxy::ReconfigureRelays, adapter 'is not operational, state: 2, Skip
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1065, DNSRelayProxy::ReconfigureRelays, adapter: isatap.{FF9B8BAF-BF89-4AFD-A436-C73711D7A933}, type: 131
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1073, DNSRelayProxy::ReconfigureRelays, adapter 'is not operational, state: 2, Skip
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1065, DNSRelayProxy::ReconfigureRelays, adapter: isatap.{799B38F2-D369-49BF-BC56-F78B7082A438}, type: 131
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1073, DNSRelayProxy::ReconfigureRelays, adapter 'is not operational, state: 2, Skip
2017-01-27,20:27:59:666, 2300,6216,, 1, , 1376, DNSRelayProxy::ReconfigureRelays, Can't remove mapping rule for old relay (error: 2)
2017-01-27,20:27:59:666, 2300,6216,, 1, , 1376, DNSRelayProxy::ReconfigureRelays, Can't remove mapping rule for old relay (error: 2)
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1320, DNSRelayProxy::ReconfigureRelays, Set access deny for 8.8.8.8:53
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1320, DNSRelayProxy::ReconfigureRelays, Set access deny for 8.8.4.4:53
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1320, DNSRelayProxy::ReconfigureRelays, Set access deny for [fec0:0:0:ffff::1%1]:53
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1320, DNSRelayProxy::ReconfigureRelays, Set access deny for [fec0:0:0:ffff::2%1]:53
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1320, DNSRelayProxy::ReconfigureRelays, Set access deny for [fec0:0:0:ffff::3%1]:53
2017-01-27,20:27:59:666, 2300,6216,, 48, , 1416, DNSRelayProxy::ReconfigureRelays, Configure domain suffixes
2017-01-27,20:27:59:666, 2300,6216,, 48, , 2568, DNSRelayProxy::ThreadImpersonate, Thread impersonated.
2017-01-27,20:27:59:666, 2300,6216,, 2, \m_sys.cpp, 313, ::FlushDNS, Failed to open 'DNS Client' service (error: 5 (0x5) Access is denied.)
2017-01-27,20:27:59:729, 2300,6216,, 48, , 2049, DNSRelayProxy::ProcessRequest, received packet (43 bytes) from 127.0.0.1:59755 to 8.8.8.8:53
2017-01-27,20:27:59:729, 2300,6216,, 48, , 2108, DNSRelayProxy::ProcessRequest, Query for teredo.ipv6.microsoft.com type 1 class 1
2017-01-27,20:27:59:729, 2300,6216,, 48, , 2362, DNSRelayProxy::ForwardDNSRequest, Query matches the pattern
2017-01-27,20:27:59:729, 2300,6216,, 48, , 2231, DNSRelayProxy::FindAndSetDNSRelay, redirect to NA DNS
2017-01-27,20:27:59:729, 2300,6216,, 48, , 2424, DNSRelayProxy::ForwardDNSRequest, Cannot find server to forward reqeust. Drop request. Original destination 8.8.8.8:53
2017-01-27,20:27:59:744, 2300,5500,, 48,,,, FltServiceRemoveExcludedDomainNames: entering...
2017-01-27,20:27:59:744, 2300,6216,, 48, , 2585, DNSRelayProxy::ThreadRevertToSelf, Impersonatation reverted.
2017-01-27,20:27:59:760, 2300,5500,, 48, \m_sys.cpp, 327, ::FlushDNS, 'DNS Client' service notified on configuration change. (state, exit code), SERVICE_RUNNING, 0 (0x0) The operation completed successfully.

utahman3431_307 · Answer

We just disabled the DNS Relay Proxy on our VPN connections, and it seems to be working now.&nbsp;

Forum Discussion

DNS Resolution stops after windows computer is locked

2 Replies

Recent Discussions

Geo Fence in ASM through irule for URI

Client certificate Authentication - open multiple tabs

google autenticator broken barcode

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Related Content

F5 GTM resolution issue

Getting Started with Automating Deployment of MCN & Edge Compute

DNS over HTTPS Resolution

Demo Guide: Edge Compute with F5 Distributed Cloud Services (SaaS Console, Automation)

DNS Resolution with the RESOLVER::name_lookup Command