Copilot in WSL Ubuntu Cannot Reach login.microsoftonline.com: Fix
🔍 WiseChecker

Copilot in WSL Ubuntu Cannot Reach login.microsoftonline.com: Fix

by

You installed Copilot in WSL Ubuntu but it fails to authenticate. The error message states that Copilot cannot reach login.microsoftonline.com. This happens because WSL network configuration isolates Ubuntu from Windows proxy and DNS settings. This article explains why the connection fails and provides step-by-step fixes to restore Copilot authentication.

Key Takeaways: Fixing Copilot Network Access in WSL Ubuntu

  • WSL /etc/resolv.conf: Controls DNS resolution. If it points to localhost, update it to use your Windows DNS server.
  • Windows Defender Firewall: Blocks WSL outbound traffic to login.microsoftonline.com on port 443. Add an allow rule for the WSL process.
  • Copilot proxy environment variables: Set HTTP_PROXY and HTTPS_PROXY in WSL if your network uses a corporate proxy.

ADVERTISEMENT

Why Copilot in WSL Ubuntu Cannot Reach Microsoft Login Servers

WSL version 2 runs inside a lightweight virtual machine. This VM uses a virtual network adapter that does not inherit Windows proxy settings automatically. When Copilot tries to reach login.microsoftonline.com, the request may be blocked by the Windows firewall or misrouted due to incorrect DNS configuration in WSL. The Ubuntu distribution inside WSL also does not read the Windows system proxy or DNS settings by default. If your organization uses a proxy server, Copilot will fail to authenticate because the WSL environment does not send traffic through that proxy.

Another common cause is the WSL /etc/resolv.conf file. WSL generates this file automatically and often sets the nameserver to 127.0.0.1, which points to a local stub resolver that may not forward requests correctly to the Windows DNS server. When the nameserver is incorrect, Copilot cannot resolve the hostname login.microsoftonline.com to an IP address, causing a connection timeout.

Network Isolation in WSL 2

WSL 2 uses a Hyper-V virtual switch. The Ubuntu instance gets a private IP address on a NAT network. This NAT network does not have direct access to the Windows host’s DNS or proxy configuration. The Microsoft documentation states that WSL 2 does not support host networking mode. This means every outbound connection from WSL must go through the Windows host’s network stack. If the Windows firewall blocks the WSL virtual adapter, Copilot cannot reach any external endpoint.

Incorrect DNS Resolution in WSL

By default, WSL writes the DNS server address 127.0.0.1 into /etc/resolv.conf. This points to a local DNS resolver that runs inside WSL. However, this resolver may not forward queries to the Windows DNS server when the network is complex, such as when using VPNs or corporate networks. When Copilot tries to resolve login.microsoftonline.com, the DNS query fails, and the application returns a network error.

Missing Proxy Environment Variables

Many corporate networks require traffic to pass through a proxy server. Windows stores proxy settings in the registry and system settings. WSL does not read these settings. If your organization uses a proxy, Copilot in WSL will not be able to reach login.microsoftonline.com until you set the HTTP_PROXY and HTTPS_PROXY environment variables in the Ubuntu shell. Without these variables, the authentication request is sent directly and is blocked by the proxy server.

Steps to Fix Copilot Connectivity in WSL Ubuntu

Method 1: Configure DNS in WSL

  1. Open Ubuntu terminal
    Launch your WSL Ubuntu distribution from the Start menu or by running wsl in Command Prompt.
  2. Check current DNS settings
    Run cat /etc/resolv.conf. If the nameserver line shows 127.0.0.1, the DNS is misconfigured.
  3. Create a new resolv.conf file
    Run sudo nano /etc/resolv.conf and replace the content with:
    nameserver 8.8.8.8
    nameserver 1.1.1.1
    Save the file with Ctrl+O, then exit with Ctrl+X.
  4. Prevent WSL from overwriting resolv.conf
    Run sudo nano /etc/wsl.conf and add these lines:
    [network]
    generateResolvConf = false
    Save and exit.
  5. Restart WSL
    Close the Ubuntu terminal. In Windows PowerShell, run wsl --shutdown. Then restart Ubuntu.
  6. Test DNS resolution
    In Ubuntu, run nslookup login.microsoftonline.com. You should see resolved IP addresses. If not, verify the nameserver line.

Method 2: Allow WSL Through Windows Firewall

  1. Open Windows Defender Firewall with Advanced Security
    Press Win+R, type wf.msc, and press Enter.
  2. Create an outbound rule for WSL
    Right-click Outbound Rules and select New Rule. Choose Program, then browse to C:\Windows\System32\wsl.exe. Click Next.
  3. Allow the connection
    Select Allow the connection. Click Next.
  4. Apply the rule to all profiles
    Check Domain, Private, and Public. Click Next.
  5. Name the rule
    Enter WSL Outbound Access and click Finish.
  6. Test Copilot
    Open Ubuntu and try to authenticate Copilot again. If the error persists, restart Windows to apply the firewall change.

Method 3: Set Proxy Environment Variables in WSL

  1. Find your Windows proxy address
    Open Settings > Network & Internet > Proxy. Under Manual proxy setup, note the Address and Port.
  2. Open Ubuntu bash profile
    Run nano ~/.bashrc in Ubuntu.
  3. Add proxy variables
    Append these lines at the end of the file:
    export HTTP_PROXY=http://proxy.example.com:8080
    export HTTPS_PROXY=http://proxy.example.com:8080
    Replace proxy.example.com:8080 with your actual proxy address and port.
  4. Save and reload
    Save the file with Ctrl+O, exit with Ctrl+X, then run source ~/.bashrc.
  5. Test Copilot
    Run Copilot in the same terminal session. The proxy environment variables are now active.

ADVERTISEMENT

If Copilot Still Has Issues After the Main Fix

Copilot Returns a DNS Resolution Error

If Copilot still shows a DNS error after configuring resolv.conf, the WSL network stack may be using a cached incorrect DNS. Run sudo systemd-resolve --flush-caches in Ubuntu. If systemd-resolve is not available, restart WSL completely with wsl --shutdown in PowerShell and then reopen Ubuntu.

Copilot Fails to Authenticate with a Proxy Error

If you set proxy variables but Copilot still fails, the proxy may require authentication. Add the username and password to the proxy URL in the format http://username:password@proxy.example.com:8080. Store these variables in ~/.bashrc. Be aware that storing credentials in plain text is a security risk. Use a dedicated proxy authentication service if available.

Copilot Cannot Reach Any External Server

If Copilot cannot reach any server, the WSL virtual adapter may be disabled. Open Windows Device Manager, expand Network adapters, and look for the Hyper-V Virtual Ethernet Adapter. Ensure it is enabled. Then run wsl --shutdown and restart Ubuntu.

Item WSL 1 WSL 2
Network type Shared with Windows host Virtual NAT network
DNS inheritance Inherits Windows DNS automatically Uses internal resolver, may need manual config
Proxy inheritance Inherits Windows proxy settings Does not inherit proxy; must set env variables
Firewall impact Uses Windows process directly Requires explicit outbound rule for wsl.exe
Copilot authentication Usually works out of the box Often fails without DNS or firewall adjustments

You can now configure DNS, firewall, and proxy settings in WSL Ubuntu so that Copilot can reach login.microsoftonline.com. Start with the DNS fix because it resolves the most common cause. If you use a corporate network, set the proxy environment variables next. For persistent issues, run wsl --shutdown to reset the WSL network stack before testing again. As an advanced step, consider using a WSL configuration file that imports Windows proxy settings automatically using a script in .bashrc.

ADVERTISEMENT

← Back to WiseChecker HomeMore in Windows & PC

🔍 Recommended for You