Fake Internet Connectivity for your Lab (Tricking NCSI)

Hello Everyone!

Quick and dirty post today just so i don't forget to write it down...

Sometimes in your lab you might need your network connection status indicator (NCSI) to say you are on the Internet, even though you are not. The scenario I've been hitting a lot is when I am messing about with Direct Access in a lab, often the DA status indicator wont change to 'connected', even though DA is working. It's because the client doesn't think it is on the Internet. This post is to help you work around that issue in your lab environments.

1. You need a default gateway for NCSI to work at all.

2. You need a DNS zone called "msftncsi.com"

-> 2.1. You need an A record for "www" pointing to: 131.107.0.1

-> 2.2. You need an A record for "dns" pointing to: 131.107.255.255

 

3. You need an IIS install on the 131.107.0.1 box. (you just need the basic install).

-> 3.1 Put a file in the default web folder called ncsi.txt

-> 3.2 Put the text "Microsoft NCSI" in the text file. No carriage return, nothing else.

 

 Without the NCSI stuff:

With the NCSI stuff in place:

Ta Da!

Just for reference sake:

If I need fake Internet connectivity I set my lab up like this (this is the lab we used for a Direct Access POC today):

All of the magic mentioned at the top of this blog happens on the Windows 2008 R2 VM with two network interfaces. It does the Web, the DNS, the DHCP - it is the reason the clients think they are on the Internet. The two network interfaces are just there so I can set a default gateway on my clients and NCSI will work. Otherwise we could get away with just two virtual networks, but three isn't so bad, and its only one infrastructure server handling routing, DNS, DHCP, Web for the whole virtual Internet so it isn't to awful.