VPN and DNS Issue - Help :D

Hi! I wish to know if someone has gone through this. I have an employee connecting to a VPN using FortiClient, everything works fine. However, after disconnecting from the VPN, the computer can’t access the internet. This is happening because the DNS settings on the network adapter are not reverting back to their default state. Instead, they remain set to use the VPN’s DNS servers, which can cause connectivity issues outside the VPN. The employee has the latest Windows 11 version and FortiClient version.

It shouldn’t be changing the DNS settings on the adapter.

The FortiClient creates a virtual Ethernet adaptor to which the DNS settings are applied; it doesn’t change the settings on the host adaptor itself.

Kill FortiClient with Task Manager after the session, then.

Check known issues for that FortiClient version

This happens a lot to our users and we are on a very recent release of the client. What we usually end up having to do is walk the user through toggling the DNS settings in IPv4 back to obtain DNS. Ipconfig release/renew doesn’t fix it, restart doesn’t fix it. To do this we provide them the current LAPS password for the local admin account. Then they can elevate permissions and make the change. LAPS updates the password at next login.

They should be getting DNS from DHCP.

Maybe try reinstalling the network card drivers?

I have seen it change the DNS settings from obtain to static on our users’ Wi-Fi adapters.

Since you mentioned and I agree, it makes sense. I have seen this in action. Then when you disconnect the client, the adapter goes into a disabled state.

When the virtual adapter is created though, I have always been unable to make an ldap password change because of lack of connectivity to my DC.

I do not see my DC listed as DNS on the virtual adapter created by FortiClient but I believe it works if I manually alter the virtual adapter DNS settings. Is this something that can be supplied by DHCP on the Fortinet?

That is what we do too here but it’s absolute madness. Giving end users LAPS passwords so they can do it themselves while guiding them by phone to go reset to auto DNS is not a good solution. I tested different versions of FortiClient, 7.0.7, 7.0.8 and even 7.4, but the same is happening.
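The reset described in the posts above (switching IPv4 DNS on the host adapter back to automatic), as an added PowerShell example that is not part of the thread and not Fortinet's own tooling. It is meant to be run elevated by a management agent rather than by the user with a LAPS password, and it assumes the VPN virtual adapter's description contains "Fortinet"; the `-Fix` switch is a name chosen for this example.

```powershell
#Requires -RunAsAdministrator
# Added example. Without -Fix it only reports; with -Fix it resets DNS to DHCP.
param([switch]$Fix)

$tcpip = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

# Assumption: the VPN virtual adapter is identifiable by "Fortinet" in its description.
# If it is Up, the tunnel is probably connected, so leave DNS alone.
$vpnUp = Get-NetAdapter -IncludeHidden |
    Where-Object { $_.InterfaceDescription -like '*Fortinet*' -and $_.Status -eq 'Up' }
if ($vpnUp) { Write-Output 'VPN adapter is up; nothing changed.'; return }

# Host adapters only (Wi-Fi / Ethernet), not virtual ones.
foreach ($nic in Get-NetAdapter -Physical) {
    $ipIf = Get-NetIPInterface -InterfaceIndex $nic.ifIndex -AddressFamily IPv4 `
        -ErrorAction SilentlyContinue
    # Adapters with a deliberately static IP configuration are skipped.
    if (-not $ipIf -or $ipIf.Dhcp -ne 'Enabled') { continue }

    # A non-empty NameServer value is a static DNS entry that overrides
    # the DHCP-supplied DhcpNameServer value for this interface.
    $key    = Join-Path $tcpip $nic.InterfaceGuid
    $static = (Get-ItemProperty -Path $key -Name NameServer `
        -ErrorAction SilentlyContinue).NameServer
    if ([string]::IsNullOrWhiteSpace($static)) { continue }

    [pscustomobject]@{ Adapter = $nic.Name; StaticDns = $static; Reset = [bool]$Fix }
    if ($Fix) {
        # Same effect as selecting "Obtain DNS server address automatically".
        Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ResetServerAddresses
    }
}

# Flushing the resolver cache only helps once the server list is correct again.
if ($Fix) { Clear-DnsClientCache }
```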

A rollback of the drivers maybe?

ipconfig /flushdns only flushes the local stub resolver cache, not the misconfigured DNS server on a NIC.

How did you get to ipconfig /flushdns from your quick one?


The Fortinet SSL VPN Virtual Ethernet adapter gets created when FortiClient VPN is installed. If after disconnecting the VPN, the DNS IP address is still visible, perform the following steps:

  1. Try a forced shutdown of the PC, not a regular shutdown/restart.
  2. Try to update the driver.

Here are some articles on the web saying that Windows Update might cause network connection issues and might affect third-party apps as well.

If Microsoft Windows 10 is used and has been recently upgraded, this can cause internet connection problems:
Microsoft Confirms Windows 10 Update Can Cause Internet Connectivity Problems
Mandatory Windows 10 update causing DNS and shared folder issues

If the issue still persists, this is a FortiClient software issue.

  1. Try to reinstall the FortiClient software. If it still exhibits the same behavior, upgrade the FortiClient version to the latest one. It will fix the issue.

I definitely suggest uninstalling the network card drivers and installing the latest available. I ran into a similar problem in the past, it was just stuck. That resolved my issue.

Thank you so much! Very useful!

Yes, why not?

Let’s blindly issue all the known commands that could fix any networking problems. Why not also do ipconfig /release and ipconfig /renew while we’re at it? Just because sometimes it helps?

Because it’s got nothing to do with DNS servers assigned to a NIC. It of course helps after the issue is resolved, to get resolving going again quicker.

It’s late at night (or rather morning already), I apologise.

Sorry if I came across a little aggressive. I’ve had many many AD migrations, and telling someone to just do ipconfig /flushdns is kind of triggering.