How to Fix Connect Attempts to www.msftconnecttest.com on Windows Server 2016

Whenever a machine running Windows 10 or Windows Server 2016 is started a connection test to verify Internet access is initiated.

The test is performed by Windows probing msftconnecttest.com and ipv6.msftconnecttest.com to try and download a file named connecttest.txt. It will also probe dns.msftncsi.com looking for a reply of 131.107.255.255.

When you have a machine that’s connected to the internet through a proxy that blocks certain traffic based on user authentication it’s possible for a condition to exist where this connection test goes haywire and repeats itself over and over.

You can observe this behavior by the Network Adapter icon in the task tray flashing from Internet Access to Limited Connectivity (the yellow warning triangle).

You may also see an unusually high number of connection attempts to www.msftconnectest.com from the server and through your proxy.

If you open the Resource Monitor and navigate to the Network Tab and expand the Network Activity section you’ll see activity on a number of process including svchost.exe (NetworkService) and svchost.exe (utcsvc) hammering your proxy address.

There are multiple ways to resolve this problem by disabling the internet connection test and sending of data to Microsoft’s msftconnecttest.com server.

Disable Microsoft Internet Connection Test via Registry Key

Screenshot of registry editor showing how to disable internet connection testing in Windows.

The easiest option to disable the repeated attempts to the connection test url is to change a registry key which takes affect immediately and does not require a reboot.

  1. Open regedit.exe via the start menu, run box, or CMD/PS
  2. Navigate to the following folder in the Registry Editor: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet
  3. Double-click on EnableActiveProbing to edit the value.
  4. Change the Value data from 1 to 0.
  5. The internet availability probing of msftconnecttest.com should stop immediately.

Set Custom Internet Connection Test Server via Registry

It’s also possible to set up your own corporate server for testing internet connectivity of machines on your network that you can whitelist in your proxy and security equipment. You can then set that machine’s address in the registry in the same location we disabled the feature all together above.

  1. Save the connecttest.txt file to your own internet server and publish it.
  2. Open regedit.exe via the start menu, run box, or CMD/PS
  3. Navigate to the following folder in the Registry Editor: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet
  4. Change the REG_SZ key ActiveWebProbeHost to the address of your web server.
  5. Change the REG_SZ key ActiveWebProbeHostV6 to the IPv6 address of your web server (if you use IPv6).
  6. Enter a DNS record on your internet DNS server that you can test resolution to (example create an A record for DNSTEST.yourdomain.com and set the IP to that of your web server).
  7. Change the REG_SZ key ActiveDnsProbeContent to the IP of your web server.
  8. Change the REG_SZ key ActiveDnsProbeHost to the A record url you entered into your public DNS (example DNSTEST.yourdomain.com).
  9. Repeat step 8 for the V6 record.
  10. Make sure the REG_DWORD key EnableActiveProbing is set back to 1.

Disable Microsoft Internet Connection Test via Group Policy

Screenshot of local group policy editor showing how to disable internet connection testing in Windows.

You can also disable the internet connection test feature by editing the local group policy (if not part of a domain) or through group policy management console (if part of a domain).

  1. Open group policy (gpedit.msc if not part of a domain)
  2. Navigate to Computer Configuration -> Administrative Templates -> System -> Internet Communication Management -> Internet Communication settings
  3. Change the setting Turn off Windows Network Connectivity Status Indicator active tests to Enabled.

 

Set Custom Internet Connection Test Server via Group Policy

Screenshot of group policy editor showing how to set custom internet connection testing servers in Windows.

If you wish to set up your own corporate internet server for internet connection testing you can set this through Group Policy as well.

  1. Save the connecttest.txt file to your own internet server and publish it.
  2. Navigate to Computer Configuration > Administrative Templates > Network > Network Connectivity Status Indicator
  3. Set Specify corporate Website probe URL to the url of your web server.
  4. Enter a DNS record on your internet DNS server that you can test resolution to (example create an A record for DNSTEST.yourdomain.com and set the IP to that of your web server).
  5. Set Corporate DNS Probe Host Name to the A record URL you configured in step 4 (example DNSTEST.yourdomain.com).
  6. Set Corporate DNS Probe Host Address to the IP of your webserver (the IP that DNSTEST.yourdomain.com resolves to).

Hopefully this helps you control the data that is being transmitted out of your servers. If anything, it’ll help you stop the nuisance of piling up connection attempts against your proxies and security equipment which just muddies the waters when trying to diagnose other networking issues.

Recommended for You: Solarwinds Server & Application Monitor (SAM)

Know which applications are having issues in your environment before users complain? Know which systems are causing those problems? How about which servers are about to have problems like running out of space or memory?

Automate collection of data and alerting on your applications and servers with Solarwinds Server & Application Monitor so you have these answers.

Get insight into Active Directory, DNS, DHCP, and your Virtual environment without needing to mess with complex templates or knowing a single line of code.

Leave a Reply

Your email address will not be published. Required fields are marked *