China Mainland and Windows' www.msftconnecttest.com

Hi all,

Does other Zscaler Customers suffer from same challenges as we are, when using Zscaler’s DCs inside mainland China?

We face problems with connecting to below URL that Microsoft use in Windows 10’s Network Location Awareness to detect if Internet is reachable, and many other Microsoft desktop products rely on Windows’ detection.

URL
http://www.msftconnecttest.com/connecttest.txt

Microsoft also use AKAMAI Content Delivery Network for above URL, and it appears that the Chinese Government is blocking access to many of above hostname’s IP addresses at AKAMAI.

You can easily find them by using Web Insights with a filter like:

URL Search.Host = www.msftconnecttest.com
Location = select relevant
Received Bytes = Custom, min=0 bytes and max=1 byte.

You may find many hits with high count of milliseconds in column [Server Trans. Time (ms]" indicating time out.

Example of many using cURL via Tianjin:

C:\NetworkTest>curl --verbose http://www.msftconnecttest.com/connecttest.txt

GET /connecttest.txt HTTP/1.1
Host: www.msftconnecttest.com
User-Agent: curl/7.67.0
Accept: /

  • Mark bundle as not supporting multiuse
  • HTTP 1.0, assume close after body
    < HTTP/1.0 504 Gateway Timeout
    < Server: Zscaler/6.1
    < Content-Type: text/html
    < Connection: close
    <
504 Gateway Timeout

Gateway Timeout

Server error - server 23.206.238.56 is unreachable at this moment.

Please retry the request or contact your administrator.

* Closing connection 0

Thank you,
/Jesper

All,

I went down in the same rabbit hole again. The hostname should always be resolved to 13.107.4.52, but the lovely government also interfere with DNS resolving.

/Jesper

No issue faced from our end, did you try with Shanghai DC?

Sebastien,

No, did not try another Zscaler DC from our locations and road warriors. We make use of Zscaler DNS service both directly and indirectly via DNS optimization, and this is impacted by Government’s injected pollution from their domestic root DNS servers. We could move to another DC, but then other things may be negatively impacted.

/Jesper

Hi, from Brazil side I’m facing similar issues with different sites in Brazil:
When I try to access www.vivo.com.br it returns the error below.
Gateway Timeout
Server error - server 177.79.246.174 is unreachable at this moment.
Please retry the request or contact your administrator.

No matter what I do, I just can access that site if I disable zscaler!
This is also happening with other sites here in Brazil.

There are several websites in Brazil not reachable while using Zscaler indeed, we face the same issue and unfortunately we need to bypass Zscaler usage in that case.

Jesper, you shall reach out to your TAM/Sales team, Zscaler is having a new solution in China mainland to avoid the issue you do face. (through usage of China Premium Access)