Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Win 10 no internet access request string?

    Firewalling
    3
    5
    699
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pooperman
      last edited by

      hi there,

      i am using pfsense with pfblocker and snort. I have set it up, that windows does not call Microsoft (dns block via pfblocker). that works great!

      but my issue is, that spotify check on windows 10 if it is online, if not, spotify will show up as offline, even though it could pass my firewall.

      Do what I would like to do, tell windows, that it is online.
      Be it with a registry entry to set it permanent to online or with the dns string, that is only for checking connectivity.

      unfortunately google wasn't helpful in this regards. so I hope someone could help me, if there is a call from Microsoft to check for internet connection and if possible with dns string.

      other workaround would be to find a way to tell window that it is permanent online (if it is possible)

      I know it is not really related to pfsense, but since we are a community with plenty know how, I hope there is someone who might be able to support.

      1 Reply Last reply Reply Quote 0
      • P
        pooperman
        last edited by

        I found a way :)

        there are actually several options, in case someone need to do the same:

        1. let http://www.msftconnecttest.com/ pass your firewall

        2. modify regedit HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet EnableActiveProbing and set it to 0

        3. apparently there should also be a way to get the connecttest.txt file and upload it on a server. modifiyng regedit: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet ActiveWebProbeHost and place servers ip address with the txt. file.
          windows should know use the servers ip address to request internet access.

        1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator
          last edited by

          The reg key to stop windows from probing should be

          HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNlaSvcParametersInternet

Under the Internet key, double-click EnableActiveProbing, and then in Value data, type: 0.The default for this value is 1. Setting the value to 0 prevents NCSI from connecting to a site on the Internet during checks for connectivity.

          Not sure if that will help with spotify or not.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          P 1 Reply Last reply Reply Quote 1
          • P
            pooperman @johnpoz
            last edited by

            @johnpoz

            thanks!

            i used method no 1 (my last post) to just enable this dns entry.

            actually it solved spotify and another issue i had with google chrome.

            wasn't able to access ip addresses within my LAN anymore. with Firefox it was working fine.

            B 1 Reply Last reply Reply Quote 0
            • B
              BRH212 @pooperman
              last edited by

              @pooperman Can you, or maybe someone else seeing this tell me how to properly add this dns entry? I feel like I'm missing something.

              I'm having the exact problem with spotify/windows saying it's not connected to internet as described in this post, and I can't figure out how to solve it. I've tried the registry edit and a similar group policy edit I found on another forum, and neither fixed it.

              It may be worth noting that I'm using suricata instead of snort? But I don't think that should make a big difference. Especially since I have even tried disabling the suricata service as a whole and it still happens.

              This is getting very frustrating for me.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.