SSL VPN DNS order

Hi,

we have configured SSL VPN portals for different users, on these portals we have DNS split tunneling enabled and configured two domain controllers inside, but one of these domain controller dns is undergoing maintenance and is turned off, so we changed order of these dns servers, that dns primary is the current working dns server, but this is not working client getting all the time on the first position turned off dns server and the second working as secondary. Now on fortigate log I see that dns resolution are going all the time to turned off dns server, and because of that ssl vpn users do not get local dns resolution, all request are pushed to internet.

The DNS server ending with .202 - is the working one, .102 - is turned off.

On the client side, ipconfig:

Ethernet adapter Ethernet 3:  Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Fortinet SSL VPN Virtual Ethernet Adapter Physical Address. . . . . . . . . : 00-09-0F-AA-00-01 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::1d66:e7c1:3ea5:7560%8(Preferred) IPv4 Address. . . . . . . . . . . :  Subnet Mask . . . . . . . . . . . : 255.255.255.255 Default Gateway . . . . . . . . . :  DHCPv6 IAID . . . . . . . . . . . : 687868175 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-26-E1-1E-42-54-05-DB-32-AF-59 DNS Servers . . . . . . . . . . . : 192.168.96.188 x.x.x.102 x.x.x.202 NetBIOS over Tcpip. . . . . . . . : Enabled

On the fortigate dns request are coming only to turned off dns server x.x.x.102