Windows 7 Troubleshooting: internet Access
Issue
Many would have come across the yellow exclamation mark on the network connection even if you are able to access internet successfully. After couple of research, found a solution which fixed the issue. This is a general documentation, little modification will / May be required as per your network infrastructure setup.
Screenshot as how it looks even if the computer is able to connect to Internet.
Working:
When a windows 7 PC is connected to network, the Client PC will immediately connect to the below site and if the site is accessible, you get a message internet access. If the PC is unable to reach the site then you will get a yellow exclamation.
Process
- Client performs a DNS lookup to http://www.msftncsi.com/
- Client connect to http://www.msftncsi.com/ncsi.txt
Once the client is able to reach http://www.msftncsi.com/ncsi.txt the connection turns to internet access
If client is unable to perform any one of the able task, the connection will turn with a yellow exclamation and will show no internet access
How dose client is designed to connect to http://www.msftncsi.com/ncsi.txt
There is a Reg key settings on windows 7 PC where a hard coded entry of the site address can be found on below path
Reg Key Location
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\Services\NIaSVC\Paramaters\Internet
Stop Probing Internet
If you would like to stop probing of internet, you can change the highlighted value from 1 to 0
Troubleshooting
Windows 7 Client behind ISA / TMG / UAG as Proxy or Secure NAT client
If the client is behind TMG / ISA or any firewall may face this issues. This is because; as soon as you are connected to network the Process of NCSI kicks in and may get blocked on firewall. The Fix is to completely allow anonymous access to the site.
Windows 7 Client as Proxy
Let take the below example
If you’re using Proxy server and the default gateway of the client is Firewall, You may need to allow the site directly from the internal network to NCSI on Both Front End Firewall and Proxy server. On proxy server ensure that you are creating anonymous access.
This because, as soon as you connect to internet request will directly hit the frontend firewall. Many organization will not allow direct internet access and always route web traffic via proxy. However for this scenario it’s better to allow traffic straight from internal network to internet.
Client As secure NAT client
If your Client Default Gateway is TMG, You need to create an anonymous access from Internal network to www.msftncsi.com as all users.