Jump to content
Welcome to our new Citrix community!

DNS Registration fails for SSL FULL VPN Users. Hence Believe Gpupdate is failing.

Recommended Posts

Hi All,


I have configured full SSL VPN for Users to meet following requirement -

  • Due to pandemic, most of the Users are working from home and business need is to apply Group policy once they are connected to network via Full VPN.


Following Configuration is done -

  • Address Pool For Users.. Internal Routing within the network for the configured Address Pool. Required Firewall ports to communication with Domain Controllers is allowed.
  • Split Tunneling is Set to ON.(Configured the entire Internal Network)
  • Split DNS is Set to Both.
  • DNS Suffix is configured matching to Internal Domain name.
  • LB VIP Type to DNS and Backend Service bound to 1 of the Internal DNS Server.
  • Explicitly following knobs been configured  - https://docs.citrix.com/en-us/citrix-gateway/current-release/vpn-user-config/configure-plugin-connections/configure-address-pools.html
    • nsapimgr -ys enable_vpn_dns_override=1
    • nsapimgr -ys enable_vpn_dnstruncate_fix=1
  • End Point Plugin Version is
  • NS Build - 13.0.79.x

Observation -

  • DNS registration fails (ipconfig /register DNS).. Hence believe gpupdate / force is getting failed.
  • Verified in AD, only Secure DNS update being allowed.
  • Manually made the changes to registry as follows -
    • HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Secure Access Client\secureDNSUpdate value of type REG_DWORD and set it to 1.


Any guidance / suggestion, please do let me know.. Its bit urgent..





Link to comment
Share on other sites

  • 1 year later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...