How does Windows 7 know whether it has internet access or if a Wi-Fi connection requires in-browser authentication?

In Windows 7, the notification area networking icon will show an error indicator if there is no internet access wifi-err, and the error icon goes away once there is a successful connection to the internet networking normal. Sometimes, if the WiFi connection requires an in-browser authentication step, like on many guest networks in hotels or universities, then the following pop-up bubble appears, saying as much: additional log on information may be required, click to open your browser

How does Windows know whether or not it has a successful internet connection?
Presumably it is checking some online Microsoft service to see whether it has a successful connection, gets redirected to some other page, or doesn’t get any response at all, but I haven’t seen anywhere that this process or the services used are documented. Can anybody explain how this works? I would prefer answers that refer to facts, rather than just guessing, but if you have a really good guess, then go for it.



After some digging (the sheer number of network and Internet related services in Windows is astonishing), I think I found it: Windows Vista and 7 have a variety of Network Awareness features, one of which is the Network Connectivity Status Indicator that performs connectivity tests that in turn are used by the network systray icon. The test for internet connectivity is simple: NCSI tries to load a specific page via HTTP (more precisely: a text document) and tests whether it can be retrieved. If that is not successful, Windows detects “No Internet access”. The mechanism also checks whether the domain the document is hosted on resolves to the correct (i.e. expected) IP address, so it might also assume proper internet access if this test is successful, but the document can’t be retrieved.

The reason it reports “No Internet Access” when you haven’t authenticated on a Hotspot yet lies in the way a Hotspot works: It blocks all ports besides 80 and 443 (for HTTP and HTTPS, respectively), which get redirected to the Hotspot’s authentication server and might mess with DNS requests in one way or another. Thus, NCSI can neither resolve the domain its test file is hosted on and even if it could, it wouldn’t reach the actual file because HTTP traffic is redirected to the Authentication server.



The following list describes how NCSI might communicate with a Web site to determine whether a network has Internet connectivity:

  1. A request for DNS name resolution of
  2. A HTTP request for returning 200 OK and the text Microsoft NCSI

This can be disabled with a registry setting. If you set

 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ NlaSvc\Parameters\Internet\EnableActiveProbing 

to 0, Windows will no longer probe for internet connectivity.

Apple does something very similar in iOS to detect internet connectivity and possible hotel “login” wifi pages, etc.

SARTA IT: Using your own server for verification is also possible if you don’t like pinging Microsoft everytime you start your PC.


Comments are closed.