Why Public Wi-Fi Logins Don’t Pop Up on Windows 11 and How to Trigger Them
🔍 WiseChecker

Why Public Wi-Fi Logins Don’t Pop Up on Windows 11 and How to Trigger Them

by

Quick fix: Captive portal sign-in page didn’t auto-open? Manually trigger by visiting http://neverssl.com in your browser. The portal intercepts unencrypted HTTP and shows its sign-in. Or open http://msftconnecttest.com/redirect — Windows’s own test endpoint. Don’t use HTTPS sites; HTTPS may bypass portal interception.

You connect to airport, hotel, or cafe Wi-Fi. The captive portal sign-in page should pop up automatically. It doesn’t. Internet appears connected but actually blocked behind portal. The fix: manually trigger portal by visiting an HTTP (not HTTPS) site.

Symptom: Public Wi-Fi captive portal sign-in page doesn’t pop up; can’t reach internet despite connected status.
Affects: Windows 11 (and Windows 10) on public Wi-Fi.
Fix time: ~3 minutes.

ADVERTISEMENT

What causes this

Captive portals intercept HTTP traffic and redirect to sign-in page. Windows detects this via a Network Connectivity Status Indicator (NCSI) probe to msftconnecttest.com. If the probe is blocked (firewall, custom DNS, VPN), Windows doesn’t detect the portal — doesn’t pop the sign-in. Modern HTTPS-everywhere means most sites bypass interception too. Force HTTP visit triggers portal manually.

Method 1: Manually visit an HTTP site

The simple workaround.

  1. Connect to public Wi-Fi.
  2. If sign-in page doesn’t auto-pop: open browser. Navigate to http://neverssl.com (designed exactly for this purpose).
  3. The captive portal intercepts the HTTP request and displays sign-in page.
  4. Sign in / accept terms / pay if needed.
  5. Internet now works.
  6. Alternative sites: http://msftconnecttest.com/redirect (Microsoft’s test), http://example.com, http://httpforever.com.
  7. HTTPS sites won’t work for this — modern portals can’t MITM HTTPS.

This is the universal workaround.

ADVERTISEMENT

Method 2: Fix NCSI probe so auto-pop works

For permanent fix.

  1. Open Registry Editor.
  2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet.
  3. Verify or set DWORD EnableActiveProbing = 1.
  4. This re-enables NCSI active probe that detects captive portals.
  5. Reboot.
  6. Connect to public Wi-Fi. Captive portal should auto-pop.
  7. For some VPN clients that block NCSI: disconnect VPN, connect Wi-Fi, sign in to portal, then reconnect VPN.
  8. For corporate firewall blocking msftconnecttest.com: contact IT or set custom probe URL via registry ActiveWebProbeHost to a reachable HTTP site.

This restores auto-detection.

Method 3: Use Windows’s built-in “Open browser to sign in” notification

For some networks.

  1. On the Wi-Fi connection’s notification flyout: Settings → Network & internet → Wi-Fi → click the connected network.
  2. Look for option Sign in or Open browser to sign in. Click.
  3. If sign-in page doesn’t display: try a different browser (Edge if Chrome was used, etc.).
  4. For Wi-Fi where sign-in requires specific browser: portal may use JavaScript not supported by older browsers. Use Edge or Chrome.
  5. For PCs that worked before but now don’t: clear browser cookies for the portal’s domain. Old auth cookie blocks new sign-in.
  6. For corporate or guest networks with WPA2-Enterprise: usually no captive portal — authentication via certificate. Different process.

This is the right path for specific network behaviors.

How to verify the fix worked

  • Captive portal sign-in page opens automatically or via the HTTP redirect.
  • After sign-in: visit any HTTPS site (e.g., google.com). Works.
  • Settings → Network: connection shows Internet (not just Limited).

If none of these work

If portal still won’t trigger: VPN blocking: disconnect VPN before Wi-Fi sign-in. VPNs route traffic before portal sign-in possible. Custom DNS: Cloudflare 1.1.1.1, Quad9 may bypass portal’s DNS hijack. Temporarily switch back to Automatic DNS (DHCP-provided) until signed in. For HSTS-locked HTTPS sites: previously-visited HTTPS sites are stored as HSTS, won’t downgrade to HTTP. Use a different site for triggering. For corporate-managed PCs: managed devices may block captive portal sign-in. Use personal hotspot from phone instead. For phone-tethered hotspot: skip the captive portal entirely — tether from phone for guaranteed internet.

Bottom line: Visit http://neverssl.com in browser to manually trigger captive portal. Or fix NCSI registry settings. Disconnect VPN before sign-in on public Wi-Fi.

ADVERTISEMENT

← Back to WiseChecker HomeMore in Windows & PC

🔍 Recommended for You