Troubles with NCSI - Windows 10 doesn't even probe the addresses

Lorenzo Marcantonio 1 Reputation point

I have a mixed Win7/Win10 AD domain. Access to internet is via proxy, configured via WPAD, and everything is fine…
For making NCSI work I added the corresponding rules and it works perfectly on Win7. I know that the latest Win10 have another address and URL for checking, however there is a strange behaviour:

  • Win 10 says " domain, no internet connection" (or something like that, it's an italian language version) in the tooltip (this is the issue because skype and other things don't work if it says so)
  • Everything works fine (except things depending on the NCSI)
  • I reckon that passive monitoring will never trigger since being proxied it will never reach the 8 hop count required
  • I did a full wireshark capture of the machine IP, it downloads the WPAD configuration, does stuff with ldap and the domain but I see no DNS queries after the domain, WPAD and ISATAP ones. We don't have isapad deployed. Neither IPv6, for that (Italy still has no good IPv6 infrastructure)
  • On the web ports (80, 443 and the proxy port) I see request for WPAD, the various things, and some XML stuff with the domain controller (no idea); nothing trying to go out to the test site, either directly or thru the proxy

I did a full network reset with no success. At least two different machines have the problem and on one of these there is no antivirus installed (the other one uses kaspersky, if it helps). I tried linking a GPO with the NCSI 'corporate' options (DNS probe, website probe) but nothing happens (seems that nlasvc for some reason decides to not do the probes)

On the registry side: in currentcontrolset/services/nlasvc/parameters I have enableactiveprobing to 1 (I read that sometimes that get wrong).

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet\ManualProxies has an empty string… is that right? I vaguely remember that ``something else'' should set the proxy here, but I didn't find any documentation. Could be that an issue?

Next thing I'll try to remove the machines from the domain to see if there is some unknown GPO that could disturb the service. Any other idea?

The release is a 2004-19041. Thanks in advance for any suggestion

Windows 10 Network
Windows 10 Network
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Network: A group of devices that communicate either wirelessly or via a physical connection.
2,266 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Gary Nebbett 5,721 Reputation points

    Hello @Lorenzo Marcantonio

    One thing that you could try is to use Event Tracing for Windows (ETW) to trace what is happening and then analyse the captured data (or post a link here so that we can help).

    One way of starting the trace would be to issue the command:

    netsh trace start scenario=NetConnection tracefile=noint.etl

    Now reproduce the problem (disconnect and then reconnect the client from the network) and then stop the trace with a command like:

    netsh trace stop.

    Here is an example of the sort of information that can be found in the trace file:



  2. Lorenzo Marcantonio 1 Reputation point

    I actually ``solved'' without needing a trace. Quotation marks are needed because I simple removed an rejoined the domain.
    Two very long restarts later it started working on both affected machines.
    No idea of what happened… probably some domain things got stuck or whatever.

    0 comments No comments