Packet Fragment: Windows Blocking an SSID

A car with the hood up.

Recently I got brought in on a ticket where the colleague couldn’t connect to our wireless network. Even manually adding the SSID to the computer was met with an error of “Your network administrator has blocked you from connecting to this network.” But why would Windows block an SSID? As I said in a previous post about Microsoft DHCP, sometimes the GUI lies or at least doesn’t tell you the whole story.

A screenshot showing the error "Your network administrator has blocked you from connecting to this network."
Windows 10 Error

Knowing that I can’t go talk to the network administrator unless I talk to myself, I proceeded to try to find more information. Enter the netsh command line tool. Netsh lets you get information about the network stack from Windows. In this case, it took some Google-Fu to come up with the right set of commands. The answer came from the Make Tech Easier blog. The “netsh wlan show filters” command shows any filters or blocks that would prevent an SSID from being used. In this case, the blocked SSID had been listed in a group policy. After working with our Windows team, we were able to disable the offending GPO and restore connectivity.

Final Thoughts

Working through this incident brought up several pet peeves for me. First, Microsoft please stop using the term network administrator for your error messages. All it accomplishes is to send tickets to network teams that should be handled by helpdesk or desktop support teams. It’s always the network, and this is one reason why. Secondly, Microsoft should give better error messages. Why couldn’t this have said, “Your computer has been blocked from connecting to this network by a group policy, please contact your IT professional.”? Just like comments in code, error messages should be clear and contain useful information.