Point to Site VPN with Azure AD authentication - Connecting to AAD endpoint failed with exception: No such host in known

Deepanshu Arora 21 Reputation points
2021-05-12T12:54:31.063+00:00

Hi Team,

I've set up P2S with Azure AD multiple times and I find it flawless compared to certificate-based authentication. But this time I'm facing an issue with one particular device; for the rest of the devices, even with the same user, it works perfectly.

Earlier I was getting an error that the DNS isn't resolved. When that didn't fix it, I added a hosts file entry, and now I get the error "Connecting to AAD endpoint failed with exception: No such host in known" in the second step of the diagnostic in the Azure VPN application.

Azure Virtual Network

1 answer
  1. GitaraniSharma-MSFT 45,506 Reputation points Microsoft Employee
    2021-05-12T13:52:50.47+00:00

    Hello @Deepanshu Arora ,

    "No such host is known" is a very common Windows error that happens when the OS is unable to determine the IP address to connect to. This is usually due to failing DNS resolution.

    So, to start the troubleshooting, I would request you to clear the DNS client cache with ipconfig /flushdns and reboot your machine.

    Another known cause for this issue is the Cisco Umbrella roaming client. If you are using the Cisco Umbrella client on that particular machine, then that is the issue. Please refer to the articles below for more information:
    https://support.umbrella.com/hc/en-us/articles/230561147-Umbrella-Roaming-Client-Compatibility-Guide-for-Software-and-VPNs
    https://support.umbrella.com/hc/en-us/articles/115004651446-Windows-10-Native-VPN-API-Modern-Metro-apps-

    This issue is also observed for customers using Akamai ETP client which does the same thing as Cisco Umbrella. "After ETP Client is installed on end-user machines, it changes the system’s DNS settings and directs traffic to the localhost (127.0.0.1). This configuration allows ETP Client to act as a DNS proxy. As a result, all DNS traffic is directed to ETP Client for resolution." https://learn.akamai.com/en-us/webhelp/enterprise-threat-protector/enterprise-threat-protector/GUID-778840B3-82D0-4BFB-A091-91AFFE48BA48.html. This shows as "Enterprise Client Connector" in the list of installed programs.

    You would need to uninstall any such DNS filtering agents from that machine to be able to use Azure VPN.

    Kindly let us know if the above helps or you need further assistance on this issue.

    ----------------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
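The three checks in the answer above (is DNS resolution failing, is a local DNS proxy such as Cisco Umbrella or Akamai ETP redirecting the system's DNS to 127.0.0.1, and is such an agent installed) can be run from one PowerShell session before anything is uninstalled. The script below is an added example written for this page and is not from the thread or from Microsoft; it assumes Windows 10/11 with the built-in DnsClient module, and it uses `login.microsoftonline.com` as an assumed, representative Azure AD endpoint since the thread does not name the host the VPN client contacts.

```powershell
# Added diagnostic for the "No such host is known" symptom; not code from the Q&A thread.
# Assumptions: Windows 10/11 with the DnsClient module; the endpoint below stands in for
# the Azure AD host the VPN client resolves (the thread does not name it).
$AadHost = 'login.microsoftonline.com'   # assumed representative AAD endpoint

# 1. Which DNS servers does each active adapter use? A loopback address (127.0.0.1)
#    means a local DNS proxy (Umbrella roaming client, ETP client) is in the path.
$dnsServers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    Select-Object InterfaceAlias, ServerAddresses

$dnsServers | Format-Table -AutoSize

$loopbackProxy = $dnsServers | Where-Object { $_.ServerAddresses -contains '127.0.0.1' }
if ($loopbackProxy) {
    Write-Warning ("DNS points at loopback on: {0}. A local DNS proxy is likely intercepting resolution." -f
        ($loopbackProxy.InterfaceAlias -join ', '))
}

# 2. Does the AAD endpoint resolve through DNS itself? -DnsOnly bypasses the hosts file,
#    so a manual hosts entry (as tried in the question) cannot mask a real resolver failure.
try {
    $answer = Resolve-DnsName -Name $AadHost -Type A -DnsOnly -ErrorAction Stop
    "Resolved {0} -> {1}" -f $AadHost, ($answer.IPAddress -join ', ')
} catch {
    Write-Warning ("Resolution of {0} failed: {1}" -f $AadHost, $_.Exception.Message)
}

# 3. Is one of the DNS-filtering agents named in the answer installed? ETP shows up as
#    "Enterprise Client Connector" in the installed-programs list.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$agents = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match 'Umbrella|Enterprise Client Connector' } |
    Select-Object DisplayName, DisplayVersion

if ($agents) {
    'Installed DNS filtering agents:'
    $agents | Format-Table -AutoSize
} else {
    'No Umbrella / Enterprise Client Connector entries found under the Uninstall registry keys.'
}
```

Run it in an elevated PowerShell window on the affected device and compare the output with a device where the VPN works. If step 1 shows 127.0.0.1 and step 3 lists one of the agents, the answer's remedy (remove the DNS filtering agent) applies; if neither does but step 2 still fails, the problem is the resolver the adapter points at, and `ipconfig /flushdns` followed by a reboot, as the answer suggests, is the first thing to try.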