Windows 7 Troubleshooting: internet Access

Article
1/17/2024

Issue

Many would have come across the yellow exclamation mark on the network connection even if you are able to access internet successfully. After couple of research, found a solution which fixed the issue. This is a general documentation, little modification will / May be required as per your network infrastructure setup.

Screenshot as how it looks even if the computer is able to connect to Internet.

Working:

When a windows 7 PC is connected to network, the Client PC will immediately connect to the below site and if the site is accessible, you get a message internet access. If the PC is unable to reach the site then you will get a yellow exclamation.

Process

Client performs a DNS lookup to http://www.msftncsi.com/
Client connect to http://www.msftncsi.com/ncsi.txt

Once the client is able to reach http://www.msftncsi.com/ncsi.txt the connection turns to internet access

If client is unable to perform any one of the able task, the connection will turn with a yellow exclamation and will show no internet access

How dose client is designed to connect to http://www.msftncsi.com/ncsi.txt

There is a Reg key settings on windows 7 PC where a hard coded entry of the site address can be found on below path

Reg Key Location

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\Services\NIaSVC\Paramaters\Internet

Stop Probing Internet

If you would like to stop probing of internet, you can change the highlighted value from 1 to 0

Troubleshooting

Windows 7 Client behind ISA / TMG / UAG as Proxy or Secure NAT client

If the client is behind TMG / ISA or any firewall may face this issues. This is because; as soon as you are connected to network the Process of NCSI kicks in and may get blocked on firewall. The Fix is to completely allow anonymous access to the site.

Windows 7 Client as Proxy

Let take the below example

If you’re using Proxy server and the default gateway of the client is Firewall, You may need to allow the site directly from the internal network to NCSI on Both Front End Firewall and Proxy server. On proxy server ensure that you are creating anonymous access.

This because, as soon as you connect to internet request will directly hit the frontend firewall. Many organization will not allow direct internet access and always route web traffic via proxy. However for this scenario it’s better to allow traffic straight from internal network to internet.

Client As secure NAT client

If your Client Default Gateway is TMG, You need to create an anonymous access from Internal network to www.msftncsi.com as all users.

Share via