When staying at a public place, such as a hotel, a client’s laptop could connect to the Wi-Fi but was unable to perform anything over the Internet.  For example, trying to browse anywhere would provide an error message like this:

 This site can’t be reached
 www.msftconnecttest.com took too long to respond.

Windows sometimes performs an action called “Active Probing” to check if a path to the Internet exists before it even tries to send traffic over it. This “probing” involves sending an HTTP request to www.msftconnecttest.com and seeing if it returns a proper response. If it doesn’t, this error is displayed and Internet traffic is blocked.

Public WiFi often uses a captive portal that displays a page for people to authenticate themselves in some way, like a hotel room number, before its DNS will resolve anything. Thus, www.msftconnecttest.com will provide no IP address, even for the captive portal page.

We can disable the “Active Probing” here:

HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet

Change the value for EnableActiveProbing from 1 to 0 to disable it and it should start working immediately.

As a “security enhancement,” a computer running Windows 11 24H2 will not be able to access an SMB share that has been configured to not require a password (i.e., guest or public folder with password not required.)

Here’s how to disable the feature:

Using GPEDIT.MSC:

• >Computer Configuration > Administrative Templates
  > Network > Lanman Workstation
• Enable the setting for “Enable insecure guest logons
• Apply and restart the computer

USING REGEDIT:

• HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters.
• If the AllowInsecureGuestAuth entry does not exist, add it as a DWORD (32-bit) Value
• Set the value of AllowInsecureGuestAuth to 1.
• Close the Registry Editor and restart your computer.

Windows 11 24H2 contains a new feature called “Recall.” This takes and stores continuous screenshots of all of your computer activity purportedly to “help you,” but it is a horrible security risk and should be disabled. Perform these procedures in an elevated command prompt window:

To check the feature’s current status:
Dism /Online /Get-Featureinfo /Featurename:Recall

To disable the feature:
Dism /Online /Disable-Feature /Featurename:Recall

If you want to enable it for some reason:
Dism /Online /Enable-Feature /Featurename:Recall

When setting up a new Windows 11 computer, you are forced to set up a Microsoft account. The option to set up a local account is no longer available unless you perform the following:

When you start up a new Windows 11 computer for the first time, a “wizard” begins. At the first screen, where you select the country, perform the following:

1. Press Shift + F10. This will open a command window.
2. In the command window, type: OOBE\BYPASSNRO (no spaces) and press Enter

The computer will reboot and the option “I don’t have Internet” will become available for you to select and you can proceed to set up a local account.

UPDATE: Starting with Windows 11 25H2, the OOBE\BYPASSNRO has been removed, so the following method will accomplish the same thing:

When you start up a new Windows 11 computer for the first time, a “wizard” begins. At the first screen, where you select the country, perform the following:

1. Press Shift + F10. This will open a command window.
2. In the command window, type: start ms-cxh:localonly and press Enter

The computer will then reveal the screen to set up a local account.

On a Windows 11 laptop, booting up stopped at:
Missing File: \BCD (instead of File: \boot\bcd)
Error code: 0xc0000098

We tried Startup Repair but it failed.

The laptop had secure boot enabled in CMOS & Bitlocker was on, so we needed to get the Recovery Key from the customer’s Microsoft account. We were prompted to enter this recovery key during this process. (Fortunately, they had used their MS account on the laptop!)

1. Boot from a Windows 11 install media on USB created with Rufus using UEFI option.
2. On the initial screen, choose language, etc., then Next
3. Click on “Repair your computer” (don’t click Install)
4. Click Troubleshoot then click Command Prompt and use the following commands.
5. c:
6. cd windows\system32
7. bootrec /fixmbr (this should say it’s successful)
8. bootrec /fixboot (this returned “Access is denied”)
9. bootsect /nt60 sys (should be successful)
10. bootrec /fixboot (now this was successful)
11. attrib c:\boot\bcd -h -r -s (returned “Path not found” error)
12. diskpart
13. list disk (note disk number of bootable disk, usually C. Ours was 0)
14. select disk 0
15. list volume (the bootable volume is the one that is FAT32 <500MB.)
    (This was Volume 1 for us)
16. select vol 1
17. assign letter=v:
18. list volume (note Volume 1 now has asterisk with drive letter V)
19. format fs=fat32 override
20. list volume (should show same as before)
21. exit (returns to command prompt)
22. v:
23. bcdboot c:\windows  /s  v:  /f  UEFI
24. exit

Now everything is back to normal.

This was a big help in our fixing this: https://www.youtube.com/watch?v=-jjmfB20m9o

Computers with Acrobat or Acrobat Reader installed start having these errors appear on the screen.

Delete or rename the following keys:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroCEF.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RdrCEF.exe

There is a hidden advanced power setting “Unattended sleep timeout” that can cause this. To make the setting visible:

HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\238C9FA8-0AAD41ED-83F4-97BE242C8F20\7bc4a2f9-d8fc-4469-b07b-33eb785aaca0

Change the Attributes value on the right to 2

Now you will see the “Unattended sleep timeout” setting which, in our case, was set to 2 minutes. We changed it to zero which disables it.

Usually, this problem is resolved by deleting credentials in the vault, running the MSRA tool, etc. But we had one where even trying to add the account into a new profile would never resolve the autodiscover. Also, clicking on the “Update License” option in any of the Office applications would produce “Something Went Wrong [1001]”

In one particular case, the problem was the machine was missing package information about either the Active Directory Authentication Library (ADAL) or Live ID.

These two commandlets run in user-mode powershell resolved it:

Add-AppxPackage -Register "$env:windir\\SystemApps\\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\\Appxmanifest.xml" -DisableDevelopmentMode -ForceApplicationShutdown

Add-AppxPackage -Register "$env:windir\\SystemApps\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Appxmanifest.xml" -DisableDevelopmentMode -ForceApplicationShutdown

If that doesn’t help, try these:

if (-not (Get-AppxPackage Microsoft.AAD.BrokerPlugin)) { Add-AppxPackage -Register "$env:windir\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Appxmanifest.xml" -DisableDevelopmentMode -ForceApplicationShutdown } Get-AppxPackage Microsoft.AAD.BrokerPlugin

if (-not (Get-AppxPackage Microsoft.Windows.CloudExperienceHost)) { Add-AppxPackage -Register "$env:windir\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Appxmanifest.xml" -DisableDevelopmentMode -ForceApplicationShutdown } Get-AppxPackage Microsoft.Windows.CloudExperienceHost

In another case, the ADAL was already installed so this was necessary to fix it:

1. Under the problem user: delete or rename these registry keys (if they exist):
   HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Identity\Identities
   HKCU\SOFTWARE\SyncEngines\Providers\OneDrive
   HKCU\SOFTWARE\Microsoft\OneDrive\Accounts
2. Log off the affected user and log on as another user that’s an admin on that computer (create one if necessary.)
3. Delete/rename all these folders in the affected (problem) user:
   C:\Users\[problem user]\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
   C:\Users\[problem user]\AppData\Local\Microsoft\OneAuth
   C:\Users\[problem user]\AppData\Local\Microsoft\IdentityCache
4. Reboot the computer and log in as the problem user

1. Select Sign-In when asked to create or sign-in to a Microsoft account during setup.
2. Use the email address no@thankyou.com.
3. Type any password on the next screen.
4. Windows will display “Oops, something went wrong” on the next screen.
5. Clicking Next opens a screen that allows you to create a local account.
6. You can assign a password to the account, or leave it empty.

This happens when a Let’s Encrypt root certificate is not updated. How to fix:

1. Download the Root Certificate:
——————————————–
https://letsencrypt.org/certs/isrgrootx1.der
NAME: “ISRG Root X1″  (✅ Self-signed, ❌ NOT Cross-signed)

2. Install the certificate:
——————————————–
- Via “Keychain Access.app”
- `File > Import Items…`

You can install it into either the `login` or `system` keychain. But not `System Roots` (which is where it *would* be, if we were on 10.12.1+)

- login = Current user only
- system = All users

3.Manually “Trust” that certificate:
——————————————–
- Find it (“ISRG Root X1″) in the list and double click on it.
- Open the “▶ Trust” area.
- Set: `When using this certificate:` to `Always Trust`
- Close the window, which will ask you to verify with your login password.

Done!