How does Windows know whether it has internet access or if a Wi-Fi connection requires in-browser authentication?

132

In Windows 7, the notification area networking icon will show an error indicator if there is no internet access wifi-err , and the error icon goes away once there is a successful connection to the internet networking normal . Sometimes, if the WiFi connection requires an in-browser authentication step, like on many guest networks in hotels or universities, then the following pop-up bubble appears, saying as much: additional log on information may be required, click to open your browser

How does Windows know whether or not it has a successful internet connection?
Presumably it is checking some online Microsoft service to see whether it has a successful connection, gets redirected to some other page, or doesn't get any response at all, but I haven't seen anywhere that this process or the services used are documented. Can anybody explain how this works? I would prefer answers that refer to facts, rather than just guessing, but if you have a really good guess, then go for it.

This question was a Super User Question of the Week.
Read the May 16th, 2011 blog entry for more details or submit your own Question of the Week.

nhinkle

Posted 2011-05-02T07:50:23.123

Reputation: 35 057

1If it were to check a Microsoft service, how would it get past the in-browser activation step? Or am I misunderstanding you? (+1 btw, interesting question) – slhck – 2011-05-02T08:14:21.643

@slhck: That's the point of it checking: if it can't access the service properly, but its attempt gets some response, it presumes that there might be an in-browser step. If there's no response at all, it assumes there's just local access. I'm just not sure how exactly that process works. I've updated my question to be a bit more clear (hopefully). – nhinkle – 2011-05-02T08:18:04.057

@nhinkle I have no Windows PC but maybe somebody can fire up Wireshark to see what the machine actually does in such a case. – slhck – 2011-05-02T08:23:48.957

When the error indicator says that there is no internet access, open the network troubleshooter. While the troubleshooter runs you can clearly see a step "Trying to connect to Microsoft.com". So my guess is that it uses a service. – Mayank – 2011-05-02T08:28:06.327

Answers

After some digging (the sheer number of network and Internet related services in Windows is astonishing), I think I found it. Windows Vista and 7 have a variety of Network Awareness features, one of which is the Network Connectivity Status Indicator that performs connectivity tests that in turn are used by the network systray icon. The test for internet connectivity is simple:

NCSI tries to load a specific page via HTTP (more precisely: a text document) and tests whether it can be retrieved.
If that is not successful, Windows reports "No Internet access".

The mechanism also checks whether the domain the document is hosted on resolves to the expected IP address. So, it might also assume proper internet access if this test is successful but the document can't be retrieved.

The reason it reports "No Internet Access" when you haven't authenticated on a Hotspot yet lies in the way a Hotspot works. It blocks all ports besides 80 and 443 (for HTTP and HTTPS, respectively), which get redirected to the Hotspot's authentication server and might mess with DNS requests in one way or another. Thus, NCSI can neither resolve the domain its test file is hosted on, and even if it could it wouldn't reach the actual file because HTTP traffic is redirected to the Authentication server.

Source: http://technet.microsoft.com/en-us/library/cc766017%28WS.10%29.aspx

Tobias Plutat

Posted 2011-05-02T07:50:23.123

Reputation: 5 051

1I do not doubt that this is mostly correct but it seems to be a incomplete. Sometimes, you'll have a problem with DNS and the connectivity icon will show a popup which indicates that you have internet access but that DNS is failing. I think there must be a step before step 1 (or possibly after step 1) which is that it tries to resolve the DNS. If that succeeds (but the page doesn't load) then you get the DNS error message instead. – krowe2 – 2015-04-10T19:13:27.023

13A hotspot would have to allow DNS, otherwise any attempt to access a server by hostname (rather than by IP address) would fail with an "unable to resolve address"-type error. Depending on the hotspot's setup, it may resolve all names to the address of its auth server or it may resolve the names correctly and rely solely on redirection of http(s) connections to the auth server. The DNS portion of the checks described in the liked document is to verify that dns.msftncsi.com resolves to the correct address, not whether it resolves at all. – Dave Sherohman – 2011-05-02T11:00:00.007

1That is indeed correct. I updated the answer to reflect that. – Tobias Plutat – 2011-05-02T11:07:17.440

Awesome find, and good description of how it works! If no better answers appear, there's a bounty coming your way soon. – nhinkle – 2011-05-02T16:51:54.773

It also says No Internet access if you are behind a proxy ;) – Oscar Mederos – 2012-09-17T02:14:48.457

Here are the details of the connection status determination process:

The following list describes how NCSI might communicate with a Web site to determine whether a network has Internet connectivity:

A request for DNS name resolution of dns.msftncsi.com

A HTTP request for http://www.msftncsi.com/ncsi.txt returning 200 OK and the text Microsoft NCSI

This can be disabled with a registry setting. If you set

 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
     NlaSvc\Parameters\Internet\EnableActiveProbing

to 0, Windows will no longer probe for internet connectivity.

Apple does something very similar in iOS to detect internet connectivity and possible hotel "login" wifi pages, etc.

Jeff Atwood

Posted 2011-05-02T07:50:23.123

Reputation: 22 108

1Newer (I think Gingerbread and newer...) versions of Android do this as well... they will show the wifi icon in white if they can connect to the network, and it will turn green if it can hit some google-hosted page. The idea behind it is the same. – TM. – 2011-05-02T13:56:49.800

the kindle does this also, Somehow. When I connected to wifi it notified me I needed to open my browser and accept terms of use. I was wondering how this came about also. – Kortuk – 2011-05-14T05:53:00.300

So if http://www.msftncsi.com went down, every Windows 7 computer wouldn't be able to show an online signal? Thats genius!

– liamzebedee – 2011-05-18T07:17:11.143

As Jeff said, to detect an Internet connection, Windows will do:

DNS request to server

HTTP request for known content

In addition to Jeff's answer, I suspect:

3 . If HTTP request is redirected to a outside Microsoft (or doesn't return the expected content), show the message in your screenshot.

Macke

Posted 2011-05-02T07:50:23.123

Reputation: 963

For a connection that requires additional log on information is more likely determined through the DNS resolution step mentioned by Jeff with the following three scenarios occurring:

If the system resolves the correct address, the connection is all clear. (Internet connectivity)
If the system resolves a dns request but is not the correct address then there is a re-direct (possible addition log on information needed)
If the system does not resolve a dns request there is internet connectivity issues (connection establish to network/access point but no internet connectivity)

I assume that the request for:

http://www.msftncsi.com/ncsi.txt

is a quick fire way to test if connection to internet is all clear. After that, the dns requests are run to determine the full status of the connection.

James Mertz

Posted 2011-05-02T07:50:23.123

Reputation: 24 787