Hi @CQDet2803, welcome to the community and to OpenZiti (and zrok and BrowZer)!
When the quickstart waits for the controller to start, the external address needs to be resolvable and the process needs to start. It's possible that the process is running but the assigned advertised address is not addressable.
When you get into this state, first check that the controller is running. You say it's running on windows, but I'm not exactly sure what you mean because the quicsktart is exclusively a bash script. I assume you're using WSL??? You should run ps and grep or systemd (if you used systemd) to make sure the controller is running. Something like ps -ef | grep ziti. Make sure a process is running.
After that you need to verify it's listening on the proper port (8441 in this case). You'd do that with netstat (or if you know ss you could use that). Something like: netstat -ano | grep 8441 | grep LIST
If both of those things are true, then you can connect to the port using localhost:8441. A browser will be fine for this task. If you get json back -- the problem is definitely firewall/routing related. Unfortunately, we won't be able to help with that.
What version of ziti do you have running? If you have a version greater than 1.1.10, you could try using the new ziti ops verify-network --controller-config-file $HOME/.ziti/quickstart/$(hostname)/$(hostname).yaml command. It'll show you output like:
ziti ops verify-network --controller-config-file $HOME/.ziti/quickstart/$(hostname)/$(hostname).yaml
INFO Verifying controller config: /home/ubuntu/.ziti/quickstart/ip-172-31-47-200/ip-172-31-47-200.yaml
INFO controller advertise address at ip-172-31-47-200:8440 is available.
INFO verifying 1 web entries
INFO verifying 1 web bindPoints
INFO web entry[client-management], bindPoint[0] address at ec2-3-18-113-172.us-east-2.compute.amazonaws.com:24882 is available.
INFO web entry[client-management], bindPoint[0] is valid
INFO All requested checks passed.
AWS hairpins your DNS entry so in my case, although the test shows 24882 is available it's actually not allowed through the firewall.
It might help if you also shared more of the logs to see if there are any errors before this section