Windows Troubleshooter Guide/Network Location Awareness
Windows computers have a system for detecting internet connectivity known as Network Location Awareness (NLA). It controls many aspects of how Windows categorizes internet connections, such as whether to assign networks as private or public.[1] When you adjust firewall setting based on whether the network is "private" and "public", the definition of private and public is whether or not your network is currently connected to a network you define as private or public.[2]
Detecting Internet Connectivity
editNetwork Location Awareness also has the ability to check and alert you whenever you are connected to the internet through a task force called Network Connectivity Status Indicator (NCSI). NCSI itself is an API for other programs to use when they need to know how good your internet connection is[3].
Method
editBut since Network Connectivity Status Indicator is itself an API, how the software detects whether you have internet connectivity is not exposed and can thus be hidden. However, a simple test can show what NCSI can do to check your internet connection[4]. Here is the method below:
- Check for website connection
- NCSI looks up
www.msftncsi.com
using your DNS. - If the HTTP response header has a 200 OK status code, then it requests
http://www.msftncsi.com/ncsi.txt
[5]. Note that if you go to that url, the text file reads "Microsoft NCSI
".
- NCSI looks up
- Check for DNS connection
- Also, NCSI does a check for the existence of
dns.msftncsi.com
through your DNS. - If it exists, then NCSI checks whether the IP is
131.107.255.255
. - If there is any problem in either getting a response for the DNS lookup or the IP doesn't match, the internet is assumed to have an issue.
- If the error dns_probe_finished_bad_config then try to get a static ip using vpn or contacting your internet service provider.[7]
- Also, NCSI does a check for the existence of
- Check for IPv6 connection
- Similar, but
dns.msftncsi.com
is expected to resolve tofd3e:4f5a:5b81::1
, and in HTTP testwww
is changed toipv6
in text file URL.
- Similar, but
Analysis
editIf #2 works and #1 fails (the definition of fails is if there isn't a response or a redirect), then Windows alerts you that some kind of authentication might be blocking your internet connectivity (like a need to sign-in before using the internet) [4].
If #2 fails (the definition of fails is if there isn't a response [resolution failure] or the wrong address is returned), then Windows alerts you that you have no internet connection [4].
Note that sometimes, you might get a yellow warning sign/exclamation mark indicating that you have no internet, yet can connect fine. In this case, judging by the above cases, it should mean that #2 failed but #1 works.
Configuring NCSI
editThe configuration parameters for NCSI uses the Registry. The key is located at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet
. The list of the typical values are here
Name | Type | Data |
---|---|---|
(Default) | REG_SZ | (value not set) |
ActiveDnsProbeContent | REG_SZ | 131.107.255.255 |
ActiveDnsProbeContentV6 | REG_SZ | fd3e:4f5a:5b81::1 |
ActiveDnsProbeHost | REG_SZ | dns.msftncsi.com |
ActiveDnsProbeHostV6 | REG_SZ | dns.msftncsi.com |
ActiveWebProbeContent | REG_SZ | Microsoft NCSI |
ActiveWebProbeContentV6 | REG_SZ | Microsoft NCSI |
ActiveWebProbeHost | REG_SZ | www.msftncsi.com |
ActiveWebProbeHostV6 | REG_SZ | ipv6.msftncsi.com |
ActiveWebProbePath | REG_SZ | ncsi.txt |
ActiveWebProbePathV6 | REG_SZ | ncsi.txt |
EnableActiveProbing | REG_DWORD | 0x00000001 (1) |
PassivePollPeriod | REG_DWORD | 0x0000000f (15) |
StaleThreshold | REG_DWORD | 0x0000001e (30) |
WebTimeout | REG_DWORD | 0x00000023 (35) |
As you can see, changing the data of the name will change the behavior of what NCSI does. For example, changing ActiveWebProbeHost
will change what website it will check. EnableActiveProbing
is a boolean value that, if set to 0, turns off NCSI. Any other value turns it on. The last three names, PassivePollPeriod
; StaleThreshold
; and WebTimeout
, have no predictable effect on the system [4].
Privacy
editAs a side note, on the Microsoft documentation page describe how NCSI works, they mention that
- IIS logs are stored on the server at www.msftncsi.com. These logs contain the time of each access and the IP address recorded for that access. These IP addresses are not used to identify users, and in many cases, they are the address of a network address translation (NAT) computer or proxy server, not a specific client behind that NAT computer or proxy server[6].
References
edit- ↑ "Network Location Awareness". TechNet. Microsoft Docs. Retrieved 2021-10-22.
- ↑ MichaelPlatts [msft] (2010-09-08). "Network Location Awareness (NLA) and how it relates to Windows Firewall Profiles". Networking Blog. TechNet Blogs. Archived from the original on 2017-11-05.
- ↑ "Network Awareness in Windows Vista and Windows 7". Microsoft Docs. Microsoft. Retrieved 2021-10-22.
- ↑ a b c d MichaelPlatts. "Windows 7 Network Awareness: How Windows knows it has an internet connection". superuser community blog. StackExchange. Retrieved 01/11/2016.
{{cite web}}
: Check|authorlink=
value (help); Check date values in:|accessdate=
(help); External link in
(help)|authorlink=
- ↑ Changed to
http://www.msftconnecttest.com/connecttest.txt
in Windows 10 build 1607 (Anniversary Update), new text file reads "Microsoft Connect Test
" - ↑ "Appendix K: Network Connectivity Status Indicator and Resulting Internet Communication in Windows Vista". TechNet. Microsoft. Retrieved 2021-10-22.
Encryption and storage: NCSI does not use encryption (both the requests it sends and the responses it receives are standardized, as shown in the table earlier in this subsection). IIS logs are stored on the server at www.msftncsi.com. These logs contain the time of each access and the IP address recorded for that access. These IP addresses are not used to identify users, and in many cases, they are the address of a network address translation (NAT) computer or proxy server, not a specific client behind that NAT computer or proxy server.