Windows shows "No Internet Access", but internet is working fine ?!
Since I have installed the last update of pfSense2.4.5-RELEASE and pfBlockerNG-devel 2.2.5_32 all my Windows machines are showing “No Internet Access” at the network connection icon in the taskbar. Despite this notification, internet on all Windows machines is working just fine…
Does anyone also experience this strange behavior?
Please let me know your thoughts about this…
@Herman It sounds as if you're running pfSense in a virtual environment ... are you?
@NollipfSense, thank you for your fast reply.
Yes that is correct. Running pfSense on a Windows Server 2019 Hyper-V host.
The VM is hosting 3 virtual switches. 2 LAN connections and 1 WAN connection.
Hope this helps...
Regards Herman F.
@Herman You might need the set the virtual machine in bridge mode.
Herman last edited by Herman
@NollipfSense can you explain this to me in detail? What is changed that this suddenly occurs? Never had problems with the 2.4.4 version.
RonpfS last edited by
Do you have DNSBL enabled? Inspect the Reports/Alerts tab, maybe you have some microsoft.com site being blocked.
@RonpfS He said "all my Windows machines are showing “No Internet Access” at the network connection icon in the taskbar." So, his Windows OS is not showing connection and not that he was say downloading update or that his machines were calling home. Or, are you saying when the machines cannot call home, he'll get no Internet connections! Everything was working under v2.4.4; so, it seems he had pfBlockerNG installed. I hardly use Windows.
RonpfS last edited by RonpfS
Well my Window 7 calls home every time it boots. When it doesn't reach it's server, it display the “No Internet Access” warning.
I don't remember which domain was used at the time but logging.windows.microsoft.com and watson.microsoft.com are in my DNSBL whitelist.
Herman can disable DNSBL, reboot a Window machine and see if the issue is still present. If the issue is still present, disabling pfblockerng and reboot a Windows to rule out and IP being blocked.
Maybe things were running fine under 2.4.4, but on a new installation, file are created from scratch and what if some whitelisting gone missing.
When disable DNSBL and reboot the machine(s) the problem does not occur. So there must be something blocked I assume. By the way I didn’t know that Microsoft checks online if the machine has internet connection yes or no?
Thanks to both of you. Appreciate all your effort helping me.
When disabling DNSBL and reboot the machine the problem does not occur. So there must be something blocked I assume. By the way I didn’t know that MS checks online if the machine has internet connection yes or no?
Hope this helps,
Gertjan last edited by Gertjan
By the way I didn’t know that Microsoft checks online if the machine has internet connection
Like a phone, you have to pick it up, and hear a dail tone. That somewhat gives a proof that the local network, from the phone to the operators trunk, is operational. Not the entire world wide phone network.
To really make sure "it" actually work, you have to compose some (random) number and see if they answer.
Seems logic, right ?!
Spearfoot last edited by
Sounds like you're blocking Microsoft's NCIS (Network Connectivity Status Indicator) subsystem. Windows systems -- or at least some of them -- query website www (dot) msftncsi (dot) com to verify connectivity. Details here:
riften last edited by
On my Windows 10 machines, they are probing for www.msftconnecttest.com
and ipv6.msftconnecttest.com. And at least one of my DNSBL lists was blocking them so I put them in the white list. Problem solved. Don't need some family member complaining "there's no internet!".
DaddyGo last edited by
I don't think the status of the icon is a big problem, as opposed to MicroSoft collecting possible data with ping responses from www.msftncsi.com
this telemetry is not in vain on the ban list.....!
Create a batch file (ping.bat) that will ping from your Windows-based machine after boot to a few known DNS providers, such as 184.108.40.206, 220.127.116.11.
The icon changes state after a short time - to internet status is ON :-)
riften last edited by
I'm sure there are so many back doors that an obvious 'front door' like these MS 'internet test' sites just aren't a big deal to me. How many of us have a you-know-where made cellphone on our person, sending telemetry to you-know-who country. They know more about us than we know. I don't worry much about MS knowing where I am. I am sure that they don't need this 'connection test' to tell them.
DaddyGo last edited by DaddyGo
I actually agree with you, but if I think about it better, then not.
In case, if we always let them to observe us and let's say it still fits, it will only be catastrophic this situacion.
The people you're talking about on flower language, we gave them all the technology to make them for us afterwards.
They’re just smoothly seizing the opportunity and have grown bigger ever since.
Maybe it’s basically our fault for getting here.
So I destroy down telemetry as much as possible.