Troubles with NCSI - Windows 10 doesn't even probe the addresses

Lorenzo Marcantonio 1 Reputation point
2020-12-01T10:22:45.61+00:00

I have a mixed Win7/Win10 AD domain. Access to internet is via proxy, configured via WPAD, and everything is fine…
For making NCSI work I added the corresponding rules and it works perfectly on Win7. I know that the latest Win10 have another address and URL for checking, however there is a strange behaviour:

  • Win 10 says "ad.domain.xxx domain, no internet connection" (or something like that, it's an Italian language version) in the tooltip (this is the issue because Skype and other things don't work if it says so)
  • Everything works fine (except things depending on the NCSI)
  • I reckon that passive monitoring will never trigger since being proxied it will never reach the 8 hop count required
  • I did a full Wireshark capture of the machine IP, it downloads the WPAD configuration, does stuff with LDAP and the domain but I see no DNS queries after the domain, WPAD and ISATAP ones. We don't have isapad deployed. Nor IPv6, for that matter (Italy still has no good IPv6 infrastructure)
  • On the web ports (80, 443 and the proxy port) I see requests for WPAD, the various data.microsoft.com things, and some XML stuff with the domain controller (no idea); nothing trying to go out to the test site, either directly or through the proxy

I did a full network reset with no success. At least two different machines have the problem and on one of these there is no antivirus installed (the other one uses Kaspersky, if it helps). I tried linking a GPO with the NCSI 'corporate' options (DNS probe, website probe) but nothing happens (it seems that nlasvc for some reason decides not to do the probes)

On the registry side: in currentcontrolset/services/nlasvc/parameters I have enableactiveprobing set to 1 (I read that it is sometimes wrong).

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet\ManualProxies has an empty string… is that right? I vaguely remember that "something else" should set the proxy here, but I didn't find any documentation. Could that be an issue?

Next thing I'll try to remove the machines from the domain to see if there is some unknown GPO that could disturb the service. Any other idea?

The release is a 2004-19041. Thanks in advance for any suggestion

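A way to see what the registry keys named in the question actually contain and to repeat NCSI's active probes by hand, as an added example that is not part of the original thread. It assumes Windows PowerShell 5.1 on the affected client and the usual NCSI value names (`ActiveDnsProbeHost`, `ActiveWebProbeHost` and so on) under the NlaSvc key; `NoActiveProbe` is the value written by the Group Policy that turns off NCSI active tests.

```powershell
# Added example: dump the NCSI configuration and repeat its active probes manually.
$internet = 'HKLM:\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet'
$policy   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator'

function Show-Key {
    param([string]$Path)
    if (-not (Test-Path $Path)) { "$Path : not present"; return }
    # Print the key and every subkey (e.g. ManualProxies) without the PS* helper properties.
    foreach ($k in @(Get-Item $Path) + @(Get-ChildItem $Path -Recurse)) {
        "--- $($k.Name) ---"
        Get-ItemProperty -Path $k.PSPath | Select-Object * -ExcludeProperty PS* | Format-List
    }
}

Show-Key $internet
Show-Key $policy      # only exists when a GPO configures NCSI

$cfg = Get-ItemProperty -Path $internet -ErrorAction SilentlyContinue
$pol = Get-ItemProperty -Path $policy   -ErrorAction SilentlyContinue

if ($cfg.EnableActiveProbing -ne 1) { Write-Warning 'EnableActiveProbing is not 1 in Parameters\Internet.' }
if ($pol.NoActiveProbe -eq 1)       { Write-Warning 'Policy NoActiveProbe=1 overrides the local setting.' }

# DNS probe: the host should resolve to the address stored in ActiveDnsProbeContent.
try {
    $ans = Resolve-DnsName -Name $cfg.ActiveDnsProbeHost -Type A -ErrorAction Stop
    $ips = @($ans | Where-Object IPAddress | ForEach-Object IPAddress)
    'DNS probe {0} -> {1} (expected {2}, match: {3})' -f $cfg.ActiveDnsProbeHost,
        ($ips -join ','), $cfg.ActiveDnsProbeContent, ($ips -contains $cfg.ActiveDnsProbeContent)
} catch { Write-Warning "DNS probe failed: $($_.Exception.Message)" }

# Web probe: the body should equal ActiveWebProbeContent.
# This request uses the current user's proxy settings, so success here only shows
# that the proxy rules allow the URL, not that the NLA service itself sent a probe.
$url = 'http://{0}/{1}' -f $cfg.ActiveWebProbeHost, $cfg.ActiveWebProbePath
try {
    $r = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 10 -ErrorAction Stop
    'Web probe {0} -> HTTP {1}, body match: {2}' -f $url, $r.StatusCode,
        ($r.Content -eq $cfg.ActiveWebProbeContent)
} catch { Write-Warning "Web probe failed: $($_.Exception.Message)" }
```

If both manual probes succeed but a capture still shows no probe traffic from the client, the settings and proxy rules are not the cause and the service-side behaviour is what needs tracing.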

2 answers

  1. Gary Nebbett 5,721 Reputation points
    2020-12-01T14:21:00.28+00:00

    Hello @Lorenzo Marcantonio

    One thing that you could try is to use Event Tracing for Windows (ETW) to trace what is happening and then analyse the captured data (or post a link here so that we can help).

    One way of starting the trace would be to issue the command:

    netsh trace start scenario=NetConnection tracefile=noint.etl

    Now reproduce the problem (disconnect and then reconnect the client from the network) and then stop the trace with a command like:

    netsh trace stop

    Here is an example of the sort of information that can be found in the trace file:

    [Image: 44152-image.png]

    Gary


  2. Lorenzo Marcantonio 1 Reputation point
    2020-12-02T10:12:49.563+00:00

    I actually "solved" it without needing a trace. Quotation marks are needed because I simply removed and rejoined the domain.
    Two very long restarts later it started working on both affected machines.
    No idea of what happened… probably some domain things got stuck or whatever.
