I hope everyone is staying safe and doing well with everything going on.
We have a dozen machines at work with very annoying "No Internet" access problems. Some apps like Adobe Creative Cloud and Office don’t work. However, users can browse the internet just fine. For some users, after 20 mins - 1.5 hours little globe in the taskbar is replaced with the network icon and everything seems to be back to normal.
All company internet traffic goes through the Palo Alto Firewall. Would you agree with my statement that if the firewall is blocking “something” it would affect all 300 users in the company and not just a dozen?
Here is what I have done already on one of the user's workstation but still have the same “No Internet” access problem:
- Windows 10 Pro 20H2 updated with all latest systems update
- HP Workstation updated with all latest BIOS, firmware, etc., updates
- Resetting Network Adapter and DNS using Command Prompt (netsh winsock reset, ipconfig /release, ipconfig /flushdns)
- Changing the “Value data” from 0 to 1 or vise verse in registry (see below) doesn't make any differences. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet
I would think that this issue is somehow related to Win10 Network Status Service which cannot find (DNS resolution is failing) Microsoft Network Status Indicator Online Services. Microsoft probably has hundreds of online web servers responding to Win 10 client network indicator status queries. Perhaps the Microsoft web server located somewhere in Brazil (just as an example here I have nothing against Brazil ;-) is blocked due to the Geolocation restriction? Later, the same Win10 client tries again but this time Microsoft online service can be reached because it is located somewhere in the Microsoft data center in Germany.
Based on my theory above, until Microsoft fixes this issue, we need to “fool” Win10 clients somehow by providing them with a “fake” DNS entry response. I would think that some kind of DNS entry (zone, etc.) needs to be created on an internal DNS server so that Win10 clients can quickly find "fake" Microsoft Network Internet Service. If this makes any sense to anyone I need to know what exactly and how this can be done.
Thanks in advance for your help and suggestions.