question

DeepanshuArora-7957 asked GitaraniSharmaMSFT-4262 commented

Point to Site VPN with Azure AD authentication - Connecting to AAD endpoint failed with exception: No such host is known

Hi Team,

I've set up P2S with Azure AD multiple times and I find it flawless when compared to certificate-based authentication. But this time I'm facing an issue with one particular device; for the rest of the devices, even with the same user, it works perfectly.

Earlier I was getting an error that the DNS isn't resolved. When that didn't get fixed, I made a host file entry, and now I get the error "Connecting to AAD endpoint failed with exception: No such host is known" at the second step of the diagnostic in the Azure VPN application.

Tags: azure-virtual-network, azure-vpn-gateway

1 Answer

GitaraniSharmaMSFT-4262 answered GitaraniSharmaMSFT-4262 commented

Hello @DeepanshuArora-7957 ,

"No such host is known" is a very common Windows error that happens when the OS is unable to determine the IP address to connect to. This is usually due to failing DNS resolution.

So, to start the troubleshooting, I would request you to clear the DNS client cache with ipconfig /flushdns and reboot your machine.

Another known cause for this issue is related to the Cisco Umbrella roaming client. If you are using this Cisco Umbrella client on that particular machine, then that is the issue. Please refer to the articles below for more information:
https://support.umbrella.com/hc/en-us/articles/230561147-Umbrella-Roaming-Client-Compatibility-Guide-for-Software-and-VPNs
https://support.umbrella.com/hc/en-us/articles/115004651446-Windows-10-Native-VPN-API-Modern-Metro-apps-

This issue is also observed for customers using Akamai ETP client which does the same thing as Cisco Umbrella. "After ETP Client is installed on end-user machines, it changes the system’s DNS settings and directs traffic to the localhost (127.0.0.1). This configuration allows ETP Client to act as a DNS proxy. As a result, all DNS traffic is directed to ETP Client for resolution." https://learn.akamai.com/en-us/webhelp/enterprise-threat-protector/enterprise-threat-protector/GUID-778840B3-82D0-4BFB-A091-91AFFE48BA48.html. This shows as "Enterprise Client Connector" in the list of installed programs.

You would need to uninstall any such DNS filtering agents from that machine to be able to use Azure VPN.

Kindly let us know if the above helps or you need further assistance on this issue.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


Hi @GitaraniSharmaMSFT-4262 ,

I did try to troubleshoot the DNS issue. As I mentioned earlier, I was getting the error that DNS could not be resolved, even after clearing the DNS cache etc.

So, as a quick fix, I went to the machine on which it was working fine and ran the diagnostic. I got the public IP from it and used it to make a host file entry on the machine that I'm not able to connect from. After running the diagnostic again, I get the error I shared in the screenshot.

I did find multiple users facing "No such host is known", but no one I could find was facing it on "AAD endpoint failed".

Also, I've seen the loopback IP address issue earlier and hence I did check it and the DNS IP addresses are fine.


Hello @DeepanshuArora-7957 ,

Did you check if the non-working machine has any of the mentioned DNS filtering clients installed?

Thanks,
Gita


Hi @GitaraniSharmaMSFT-4262 ,

No, I didn't. Will you be able to share steps or a reference link on how to do that?

Regards,
Deepanshu Arora

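One way to run the check asked about in the last comment, as an added example that is not part of the original thread or Microsoft's guidance: it lists installed DNS filtering agents, adapters whose DNS server is a loopback address, hosts file overrides, and the result of resolving the sign-in host through real DNS. Assumptions: `login.microsoftonline.com` is the Azure AD host the VPN client resolves, and `*Umbrella*` matches the Cisco client's display name ("Enterprise Client Connector" is the name given in the answer).

```powershell
# Added example (not from the thread). Run in PowerShell on the machine that fails to connect.
# Assumption: this is the Azure AD sign-in host the Azure VPN client has to resolve.
$aadHost = 'login.microsoftonline.com'

# 1. Installed DNS filtering agents. 'Enterprise Client Connector' comes from the answer;
#    '*Umbrella*' is an assumed pattern for the Cisco roaming client's display name.
$patterns = '*Umbrella*', '*Enterprise Client Connector*'
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
$agents = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $name = $_.DisplayName; $name -and ($patterns | Where-Object { $name -like $_ }) } |
    Select-Object DisplayName, DisplayVersion, Publisher

# 2. Adapters whose DNS server is a loopback address, i.e. a local DNS proxy sits in the path.
$loopbackDns = Get-DnsClientServerAddress |
    Where-Object { $_.ServerAddresses | Where-Object { $_ -like '127.*' -or $_ -eq '::1' } } |
    Select-Object InterfaceAlias, ServerAddresses

# 3. Active (non-comment) hosts file lines that pin the sign-in host to a fixed address.
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$hostsOverrides = Get-Content -Path $hostsFile |
    Where-Object { $_ -notmatch '^\s*#' -and $_ -match [regex]::Escape($aadHost) }

# 4. Resolve through DNS only (-NoHostsFile), so a hosts entry cannot mask a DNS failure.
try {
    $resolved = Resolve-DnsName -Name $aadHost -Type A -NoHostsFile -ErrorAction Stop |
        Where-Object { $_.IPAddress } |
        ForEach-Object { $_.IPAddress }
} catch {
    $resolved = "FAILED: $($_.Exception.Message)"
}

# Summary: empty FilteringAgents and LoopbackDns mean no local DNS proxy was detected.
[pscustomobject]@{
    FilteringAgents = $agents
    LoopbackDns     = $loopbackDns
    HostsOverrides  = $hostsOverrides
    DnsResolution   = $resolved
} | Format-List
```

A non-empty `HostsOverrides` together with a failed `DnsResolution` means the hosts entry is hiding a DNS problem that still exists on the machine.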