lost and found ( for me ? )

Windows Vista and later : Network Connectivity Status Indicator (NCSI)

[ what’s NCSI ]

NCSI probes Internet connectivity automatically and determines whether Internet connectivity is available or not based on NSCI probing results.
This function has been implemented Windows Vista and later.

About NCSI
Vista : http://technet.microsoft.com/en-us/library/cc766023::(WS.10).aspx
7 and 2008 R2 : http://technet.microsoft.com/en-us/library/ee126135(WS.10).aspx

[ How does NCSI check Internet connectivity ? ]

NCSI checks Internet connectivity by using two methods.

1.  GET ncsi.txt file via HTTP and check the string in that file

access to http://www.msftncsi.com/ncsi.txt and check ncsi.txt containing “Microsoft NCSI”

perform DNS lookup for www.msftncsi.com
access to www.msftncsi.com and GET ncsi.txt and then check ncsi.txt containing “Microsoft NCSI”

performs DNS lookup
# dig @DNSServer www.msftncsi.com

; <<>> DiG 9.8.0-P1 <<>> @DNSServer www.msftncsi.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24246
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.msftncsi.com.              IN      A

;; ANSWER SECTION:
www.msftncsi.com.       2103    IN      CNAME   newncsi.glbdns.microsoft.com.
newncsi.glbdns.microsoft.com. 300 IN    CNAME   ncsi.glbdns.microsoft.com.
ncsi.glbdns.microsoft.com. 300  IN      A       207.46.61.90


access to www.msftncsi.com
# wget http://www.msftncsi.com/ncsi.txt


check that file containing “Microsoft NCSI”
# cat ncsi.txt
Microsoft NCSI#

There are no line terminators in this file.
# file ncsi.txt
ncsi.txt: ASCII text, with no line terminators

2.  perfom DNS resolution and check the answer

performs DNS look up for dns.msftncsi.com and confirm whether the IP matches 131.107.255.255 or not.
If the IP matches 131.107.255.255 , NCSI determines that your PC has correct Internet connectivity.
If not , NSCI determines  your PC has wrong Internet connectivity.

DNS lookup for dns.msfncsi.com
# dig @DNSServer dns.msftncsi.com

; <<>> DiG 9.8.0-P1 <<>> @DNSServer dns.msftncsi.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16747
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;dns.msftncsi.com.              IN      A

;; ANSWER SECTION:
dns.msftncsi.com.       30      IN      A       131.107.255.255

[ if NCSI probing fails ]

On “Windows button -> Control Panel -> Network and Internet -> Network and Sharing Center” ,
You will see red X mark between network and internet icon as below.



Note that this situation will happen even though your PC has actually internet connectivity.

For example:
- can’t resolve DNS lookup for www.msftncsi.com
- can’t get right cnsi.txt ( www.msftncsi.com/ncsi.txt )
- can’t get the correct DNS reply ( dns.msftncsi.com =131.107.255.255 )

If you have internet connectivity for sure , but see the above red X mark , try the followings.
- turn off Anti Virus tool if you have installed it
- perform DNS lookup for dns.msftncsi.com with nslookup command
- check ncsi.txt containing “Miscosoft NCSI” into that file manually using CLI or something

[ How to turn off NCSI probing ]

regedit ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet

To disable this functions , set EnableActiveProbing to 0
Default value is 1 ( enabled probing )



[ How frequently does NCSI probe ? ]

I built fake www.msftncsi.com to check NCSI probing interval.

                |------------ internet
Client – SW ---- DNS
                |---- fake Web server ( Apache respond to ncsi.txt containing “M$” )


- Client performs DNS lookup for www.msftncsi.com
- DNS returns the fake web server’s address
 Except for www.msftncsi.com query , DNS returns correct answers.
- Client accesses to the fake Web server
- fake web server respond to ncsi.txt
- NCSI determines there’s no internet connectivity even though there’s internet connectivity.

the content of nsci.txt
# cat /var/www/ncsi.txt
M$

M$ not MS :)

NCSI probing misunderstands my PC does not have Internet connectivity even though there’s Internet connectivity.

Here’s an access.log of fake web server.
Seen from access.log , polling interval does not seem to be fixed.
23:27:53 +0900] "GET /ncsi.txt HTTP/1.1" 200 299 "-" "Microsoft NCSI"
23:28:23 +0900] "GET /ncsi.txt HTTP/1.1" 200 299 "-" "Microsoft NCSI"
23:28:53 +0900] "GET /ncsi.txt HTTP/1.1" 200 299 "-" "Microsoft NCSI"
23:29:38 +0900] "GET /ncsi.txt HTTP/1.1" 200 299 "-" "Microsoft NCSI"
23:30:43 +0900] "GET /ncsi.txt HTTP/1.1" 200 299 "-" "Microsoft NCSI"
23:32:33 +0900] "GET /ncsi.txt HTTP/1.1" 200 299 "-" "Microsoft NCSI"
23:34:53 +0900] "GET /ncsi.txt HTTP/1.1" 200 299 "-" "Microsoft NCSI"
23:38:38 +0900] "GET /ncsi.txt HTTP/1.1" 200 299 "-" "Microsoft NCSI"
23:44:13 +0900] "GET /ncsi.txt HTTP/1.1" 200 299 "-" "Microsoft NCSI"
23:52:38 +0900] "GET /ncsi.txt HTTP/1.1" 200 279 "-" "Microsoft NCSI"

I don’t like this function :(

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.