Office 2013 can not check in files when LAN does not have internet access or over some VPN’s

Update (4/21/2017):

In cases where the VPN causes this issue, we have found an issue in Windows code (113100710844135), the fix is out  we have verified that Palo Alto Networks Global Protect Client, and Juniper VPN work with this fix.

Office now does not require internet connection to check out files, this update resolves the issue for Office 2013

Office 2016 Click To Run should work without internet connectivity now, and Office 2016 MSI has a hotfix 


Customers are using third party VPN solutions on Windows 7.  If customers migrate to Office 2013 from an older version of Office, they may experience functionality loss in Office when connected via VPN.  Office 2013 took a dependency on NLA (Network Location Awareness), and some VPN solutions do not work properly with NLA.  Specifically, if the VPN software does not define a default gateway.  In this case,  NLA will always report that the client is not connected to the internet.  This impacts Office2013 since it depends on internet connectivity for some functions.  For example, there is no help file on the machine,and all help is on the internet.  If a customer presses F1 in an Office 2013 application, they will always get an error that says they are not connected to the internet while connected via VPN.

**I will update this blog post as more information becomes available.



Users without full internet access may not be able to check in files from the Office 2013 client, even though there is good connection between the Office client and the SharePoint server.



There was a design change between Office 2010 and 2013, where 2013 now requires an internet connection for some activities.  Some customers have already complained about this issue and the product group has been informed of the design limitations.  (but no hotfix is currently in the works, a hotfix may not be possible this looks to be a big change)

The root of the issue seems to be that Office 2013 has a dependency on NLA (Network Location Awareness).  NLA uses probes to determine if the network connection has “Internet Access”.  The way that is does this is 2 ways.

1.  It does a DNS probe for  It expects a specific response.  The response must be  If it is, then that is the correct DNS probe.

2.  It attempts to connect to and attempts to retrieve the file ncsi.txt.  Inside the file the text must be “Microsoft NCSI”.

If both of the above conditions are met, then the connection is marked as having internet connectivity, if not the connection is marked has having no internet connectivity and some Office features will not work.


Possible Workaround:

It is possible to setup a local NCIS server (Network Connection Status Indicator) on your LAN that will respond to the Office Clients requests and allow the Office feature to work.

See posts below for related information and directions:


Comments (11)
  1. Laroche says:

    I’m an office 365 E3 User

    Is there any solution ?


  2. mak says:

    The site is unreachable. This is probably the cause.
    Solution ?

  3. Fredrik says:

    We’ve applied the hotfix on a couple of our laptops. The not-so-funny is that the hotfix (kb2964643) works on some laptops and other not. Anyone else tried to apply it?

  4. Me says:

    Office 2016 seems to have this issue also, but the NLA trick does not work… Does anyone know what else could be done?

  5. Barbara Howard says:

    We’re still struggling with this issue. I didn’t notice any difference after applying hotfix KB2964643 on ~15 machines. Rather than relying on the NLA and its random ping requests, I wish Office would send its own ping request when you open one of the

  6. Doug Cote says:

    We applied KB310360 to a machine that was unable to check in/out documents in SharePoint over a VPN connection but it did not resolve the issue. This machine also has the original Windows hotfix associated with NCSI. Please provide additional solutions
    to requiring an internet connection to check in/out documents. We use Juniper VPN and for security reasons do not enable split tunneling. There has to be a better way besides the internal NCSI host…seems like way too much to do just to let users work in

  7. Jukka Luotonen says:

    Same issue here with latest Office 2016 – First I got it activeted… installing language packages broke something

  8. david says:

    This is still an issue in Office 2016 click-to-run over Junos Pulse (which was spun off from Juniper Networks) in Windows 7 x64. Does not seem to be present in Windows 10 x64.

  9. djpenn says:

    For anyone still having the issue connecting to their Office 365 account through an Office 2016 click-to-run app over Pulse Secure VPN (error message is “We are unable to connect right now. Please check your network and try again later”), try going to the Properties for the network adapter and disabling “Internet Protocol Version 6 (TCP/IPv6)” if your network does not rely on it… that worked for me.

  10. Josh says:

    Disabling IPv6 on the Wi-Fi and Ethernet network adapters (not the Pulse or Juniper VPN virtual adapters) seems to work.

  11. Josh says:

    Disabling IPv6 on the Wi-Fi and Ethernet network adapters (not the Pulse or Juniper VPN virtual adapters) seems to work in WINDOWS 10 when this is an issue with Office365/2016 click-to-run (which is still affected).

Comments are closed.

Skip to main content