Intermittent DNS resolution failures on Windows 11 Version 24H2 with IPv6 enabled
Summary
Some users running Enclave on Windows 11 (Version 24H2) are experiencing intermittent failures resolving public domain names (e.g., youtube.com, amazon.com, google.com) while connected to an Enclave Gateway. The issue typically manifests as browser errors such as “server IP address could not be found” and usually resolves itself after several seconds or minutes. In some environments, affected devices show proper resolution via ping or alternate browsers, but fail in others (e.g., Edge). Users have confirmed that stopping Enclave in such instances restores connectivity.
Status
Investigating
Affected platforms
- Windows 11 Version 24H2
- All versions of Enclave
- Devices with IPv6 addresses assigned
- Occurs across multiple customers, environments, and network types
Symptoms
- Browser returns DNS errors intermittently (e.g., ERR_NAME_NOT_RESOLVED)
- ping may still resolve and return correct results
- Issues typically occur after waking from standby or when network adapters reinitialise
- One or more Enclave-connected devices under the same policy may remain unaffected
Cause
The cause is emergent behavior introduced with Windows 11 24H2 when IPv6 is enabled, active and prioritised. DNS resolution appears to fail when DNS requests are routed through Enclave Gateways, potentially triggering an inconsistent fallback to local resolvers. The failure is often observed during transition periods (e.g., wake from sleep), with connectivity failures lasting several seconds or longer before recovering.
Workaround
Follow Microsoft's "Guidance for configuring IPv6 in Windows for advanced users" document to disable IPv6 on the affected system(s). Our investigations suggest that the presence and prioritisation of IPv6 traffic on 24H2 can interfere with upstream DNS handling through the Enclave client. We recommend exploring one of the following two registry-based workarounds to mitigate the issue:
Option 1 – Prefer IPv4 over IPv6
This approach reorders the stack preference to prioritise IPv4 traffic, while still allowing IPv6 functionality.
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters" /v DisabledComponents /t REG_DWORD /d 32 /f
Option 2 – Disable IPv6 entirely
This disables IPv6 functionality altogether. It is a more aggressive option that goes against Microsoft’s general guidance to keep IPv6 enabled, but in our testing it has been the only reliable workaround in some cases.
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters" /v DisabledComponents /t REG_DWORD /d 255 /f
Important notes
After applying either registry change, a full system restart is required.
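To confirm after the restart which workaround is in effect and whether lookups now succeed, the following read-only PowerShell check can be run on an affected device. It is an added example, not part of Enclave's tooling; the variable names and output wording are illustrative, and the test domains are the ones named in the Summary.

```powershell
# Added example (read-only): report workaround state and time A/AAAA lookups.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
$prop = Get-ItemProperty -Path $key -Name DisabledComponents -ErrorAction SilentlyContinue

# Map the registry value onto the two options described on this page.
if ($null -eq $prop) {
    $state = 'DisabledComponents not set (Windows default, IPv6 enabled)'
} elseif ($prop.DisabledComponents -eq 32) {
    $state = 'Option 1 applied: prefer IPv4 over IPv6 (32 / 0x20)'
} elseif ($prop.DisabledComponents -eq 255) {
    $state = 'Option 2 applied: IPv6 disabled (255 / 0xFF)'
} else {
    $state = 'Other value: 0x{0:X} (neither option from this page)' -f $prop.DisabledComponents
}

# The change only takes effect after a restart, so show the last boot time.
$os      = Get-CimInstance -ClassName Win32_OperatingSystem
$release = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').DisplayVersion

# Non-link-local IPv6 addresses still assigned (an "affected platform" condition).
$v6 = Get-NetIPAddress -AddressFamily IPv6 -ErrorAction SilentlyContinue |
    Where-Object { $_.IPAddress -notlike 'fe80*' -and $_.IPAddress -ne '::1' }

Write-Output "Windows release : $release"
Write-Output "Last boot       : $($os.LastBootUpTime)"
Write-Output "Registry state  : $state"
Write-Output "IPv6 addresses  : $(@($v6).Count) assigned (excluding link-local and loopback)"

# Time A and AAAA lookups for the domains named in the Summary.
$names = 'youtube.com', 'amazon.com', 'google.com'
$results = foreach ($name in $names) {
    foreach ($type in 'A', 'AAAA') {
        $timer  = [System.Diagnostics.Stopwatch]::StartNew()
        $answer = Resolve-DnsName -Name $name -Type $type -DnsOnly -ErrorAction SilentlyContinue
        $timer.Stop()
        [pscustomobject]@{
            Name     = $name
            Type     = $type
            Resolved = [bool]($answer | Where-Object { $_.Type -eq $type })
            Ms       = $timer.ElapsedMilliseconds
        }
    }
}
$results | Format-Table -AutoSize
```

Because the failure is intermittent and ping can still resolve while a browser fails, a clean result here does not rule out the issue; run the check again shortly after waking the device from standby.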
Resolution plan
Currently under investigation. A test environment reproducing this behavior with Windows 11 24H2 and Enclave is in place. We are assessing whether client changes can mitigate the behavior without requiring changes to Windows network stack configuration. Updates will be provided when alternative workarounds or a product-side fix are available.
Date Published: May 2, 2025
Last updated May 2, 2025