Skip to content

Documentation / Knowledge Base

Intermittent DNS resolution failures on Windows 11 Version 24H2 with IPv6 enabled

Summary

Some users running Enclave on Windows 11 (Version 24H2) are experiencing intermittent failures resolving public domain names (e.g., youtube.com, amazon.com, google.com) while connected to an Enclave Gateway. The issue typically manifests as browser errors such as “server IP address could not be found” and typically resolves itself after several seconds or minutes. In some environments, affected devices show proper resolution via ping or alternate browsers, but fail in others (e.g., Edge). Users have confirmed that stopping Enclave in such instances restores connectivity.

Status

Investigating

Affected platforms

  • Windows 11 Version 24H2

  • All versions of Enclave

  • Devices with IPv6 addresses assigned

  • Occurs across multiple customers, environments, and network types

Symptoms

  • Browser returns DNS errors intermittently (e.g., ERR_NAME_NOT_RESOLVED)

  • ping may still resolve and return correct results

  • Issues typically occur after waking from standby or when network adapters reinitialise

  • One or more Enclave-connected devices under the same policy may remain unaffected

Cause

Emergent behavior introduced with Windows 11 24H2 when IPv6 is enabled, active and prioritised. DNS resolution appears to fail when DNS requests are routed through Enclave Gateways, potentially triggering a fallback to local resolvers inconsistently. Often observed during transition periods (e.g., wake from sleep), with connectivity failures lasting several seconds or longer before recovering.

Workaround

Follow Microsoft's Guidance for configuring IPv6 in Windows for advanced users document to disable IPv6 on the affected system(s). Our investigations suggest that the presence and prioritisation of IPv6 traffic on 24H2 can interfere with upstream DNS handling through the Enclave client. We recommend exploring one of the following two registry-based workarounds to mitigate the issue:

Option 1 – Prefer IPv4 over IPv6

This approach reorders the stack preference to prioritise IPv4 traffic, while still allowing IPv6 functionality.

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters" /v DisabledComponents /t REG_DWORD /d 32 /f

Option 2 – Disable IPv6 entirely

This disables IPv6 functionality altogether, this is a more aggressive option that goes against Microsoft’s general guidance to keep IPv6 enabled, but in our testing, this has been the only reliable workaround in some cases.

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters" /v DisabledComponents /t REG_DWORD /d 255 /f

Important notes

After applying either registry change, a full system restart is required.

Resolution plan

Currently under investigation. A test environment reproducing this behavior with Windows 11 24H2 and Enclave is in place. We are assessing whether client changes can mitigate the behavior without requiring changes to Windows network stack configuration. Updates will be provided when alternative workarounds, or product-side fix is available.

Date Published: May 2, 2025


Last updated May 2, 2025