IT Handyman

www.msftncsi.com and why firewall administrators need to allow all traffic to reach this

www.msftncsi.com

Before we start talking about the above site, let me tell you the problem that prompted me to search for answers.

The dreaded exclamation mark on the network icon. The problem was that even though the exclamation mark and the mouseover text seemed to say that there was no internet, the Internet was actually working and functioning fine. Strange, wouldn’t you say? The funny thing was, some computers were affected and some were not. It did not affect the functioning of the computer, so I ignored the problem until one day someone told me that the search function in Microsoft Office applications did not work when the above error was present on the computer. Searching online for templates and pictures within Microsoft Office was simply disabled.

I tried a plethora of fixes. I thought it was a network driver problem, so I updated the driver, hoping for the problem to be resolved. Nope, that exclamation mark stayed. I Googled some more, and some were saying to adjust the advanced settings in Device Manager to disable IPv4 offloading or some such. I tried that; it worked for ONE PC but did not work anywhere else.

Then I came across a post that I would have never thought would be the answer to the problem. The post was saying that Windows actually connects to a site to figure out whether to display the exclamation mark on the network icon or not.

It downloads a little text file that looks like this. I kid you not!

http://www.msftncsi.com/ncsi.txt

Microsoft NCSI



How does Windows know whether it has internet access or if a Wi-Fi connection requires in-browser authentication?

Tobias Plutat and Jeff Atwood both replied with information about the Network Connectivity Status Indicator (NCSI) service, first introduced in Windows Vista.

When called on by Network Awareness, NCSI can add information about the following capabilities for a given network:

  • Connectivity to an intranet
  • Connectivity to the Internet (possibly including the ability to send a DNS query and obtain the correct resolution of a DNS name)

NCSI is designed to be responsive to network conditions, so it examines the connectivity of a network in a variety of ways. For example, NCSI tests connectivity by trying to connect to http://www.msftncsi.com, a simple Web site that exists only to support the functionality of NCSI.

How does it work?

Windows does indeed check a Microsoft site for connectivity, using the Network Connectivity Status Indicator site. There are a few variations of the connection checking process:

  1. NCSI performs a DNS lookup on www.msftncsi.com, then requests http://www.msftncsi.com/ncsi.txt. This file is a plain-text file and contains only the text Microsoft NCSI.
  2. NCSI sends a DNS lookup request for dns.msftncsi.com. This DNS address should resolve to 131.107.255.255. If the address does not match, then it is assumed that the internet connection is not functioning correctly.

Source: http://blog.superuser.com/2011/05/16/windows-7-network-awareness/
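The two probes described above can be replayed from a workstation behind the firewall to see which one a rule is breaking. This is an added example, not code from the original post or from Microsoft; the function names are hypothetical, the expected values are the ones quoted above, and the whitespace-tolerant body comparison is an assumption.

```python
"""Replay the two NCSI probes and report which one fails behind a firewall."""
import http.client
import socket
import urllib.request

# Expected values as quoted in the description above.
HTTP_PROBE_URL = "http://www.msftncsi.com/ncsi.txt"
HTTP_EXPECTED_BODY = "Microsoft NCSI"
DNS_PROBE_NAME = "dns.msftncsi.com"
DNS_EXPECTED_ADDR = "131.107.255.255"


def fetch_http_probe(timeout=5):
    """Return the body of ncsi.txt, or None if the request fails or is blocked."""
    try:
        with urllib.request.urlopen(HTTP_PROBE_URL, timeout=timeout) as resp:
            return resp.read(256).decode("ascii", errors="replace")
    except (OSError, http.client.HTTPException):
        return None


def resolve_dns_probe():
    """Return the set of IPv4 addresses for the DNS probe name (empty on failure)."""
    try:
        infos = socket.getaddrinfo(DNS_PROBE_NAME, None, socket.AF_INET)
    except OSError:
        return set()
    return {info[4][0] for info in infos}


def evaluate(http_body, dns_addrs):
    """Classify probe results. A captive portal or filtering proxy usually
    answers the HTTP probe with its own page instead of the expected text."""
    findings = []
    if http_body is None:
        findings.append("http: no response (blocked or no route)")
    elif http_body.strip() != HTTP_EXPECTED_BODY:  # assumption: ignore whitespace
        findings.append("http: unexpected body (proxy, portal or block page)")
    if not dns_addrs:
        findings.append("dns: lookup failed")
    elif DNS_EXPECTED_ADDR not in dns_addrs:
        findings.append("dns: unexpected address " + ", ".join(sorted(dns_addrs)))
    return findings


if __name__ == "__main__":
    problems = evaluate(fetch_http_probe(), resolve_dns_probe())
    print("NCSI probes pass" if not problems else "\n".join(problems))
```

An empty result means both probes behave as described; any finding names the probe that the firewall, proxy or DNS filter is interfering with.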

 

What do I do?

The first thing you need to do is to allow traffic to www.msftncsi.com and put it at the top of your firewall list. Below is an example of my rule on the office firewall.

As you can see, I’ve created a rule and allowed all traffic to www.msftncsi.com. Since I’ve created the rule, 6.87GB of data just to www.msftncsi.com has been transferred to and from computers within the network. The best thing is, I don’t have any “exclamation mark on the icon” problems anymore.
