Skip to main content
  • EN

I'm doing a deploy of NPA across my environment and hitting a series of snags. 

 

The issue seems to be related to my Mac users having issues with DNS resolution or pages loading failures.  These are largely my SaaS based SSO apps but they can be anything.  We are using Duo Security for MFA but that has been added as an exception.  The problem is intermittent.  Some users experience it all the time, I only experience it periodically though it used to be all the time for me too.  All users are in the same Steering Configuration.  

 

We are all using MacOS Ventura so this may be related to the bug from last year.  

@clnicholson ask your account SE to enable one of our controlled-access features for handling DoX. It has solved multiple NPA related issues relating to Mac's insistence on using DOH. 

Finally solved it.  We discovered that our current VPN client was causing TCP resets when it wasn't active, just installed.  Turns out that version of AnyConnect had a known defect.  Since we had not fully pushed NPA, we hadn't removed the client.  I've also observed the issue with OpenVPN which we'll have to keep around to support other folks, Mac and Windows users.  I'm working on how we can resolve that.  

@clnicholson glad to hear it. If you don't mind, what was the version of AnyConnect with the defect? Would be good to know in case anyone runs across it in the future.

Version 4.10.04065.  I've also just become aware that it's affecting OpenVPN clients.  Support has a ticket for that.  

Hi team,

 

Facing this very same issue with MAC OS users but the VPN client is different. We are aslo facing TCP resets.

@clnicholson what is the meaning of the term “when it wasn't active, just installed.” (ACTIVE) do we need to connect to VPN or the VPN client just need be installed on enduse machine.

 

If @clnicholson you are comfortable to share, what did the VPN support suggested to resolve the issue?

 

Thanks & Regards

Sahil Thakur

Terms & ConditionsCookie settings