Welcome to Dirteam.com/ActiveDir.org Blogs Sign in | Join | Help

Disabling IPv6 on Windows 2008

I have run into nothing but trouble with IPv6.  Not that there is anything in particular that is wrong, but not all apps understand and can work with it.  For example I am running a geographically dispersed cluster on a Windows server with 2008 Exchange 2007 on a Dell 2950.  I am getting these odd Event Log errors 2501, 2601 and 2604. 

When updating security for a remote procedure call (RPC) access for the Exchange Active Directory Topology service, Exchange could not retrieve the security descriptor for Exchange server object xxxxxxx - Error code=8007077f.  The Exchange Active Directory Topology service will continue with limited permissions.

For my experience it turns out a tunnel adapter on the 2950 is mapping a DNS record on IPv6.  I thought I had disabled all the IPv6 pieces but I was mistaken. 

The following recipe should be what is needed to disable all pieces of IPv6 on Windows Server 2008 (As well as Vista) as well as enabling ping on IPv4.


Enable Pings, Firewall doesn't allow IPv4 pings
                Server Manager / Configuration / Windows Firewall with Advanced... / Inbound Rules
                                Action / New Rule
                                                Select Custom
                                                                Next
                                                Select All Programs
                                                                Next
                                                Protocol Type = ICMPv4
                                                                Next
                                                Local Ip Address = Any
                                                Remote IP Address = Any
                                                                Next
                                                Select allow the connection
                                                                Next
                                                Check Domain
                                                Check Private
                                                Check Public
                                                                Next
                                                Name = IPv4
                                Finish
 
Network
                Right Click Network Places
                Select Manage Network Connections For each enabled and used NIC
                                Right Click - Local Area Connection - Select Properties
                                                Networking Tab                               
                                                                DeSelect IPv6
                                                Close
 
Disables tunneling but not the loopback interface
                Regedit  (For additional info http://technet.microsoft.com/en-us/library/bb878057.aspx)
                                Add the following key
                                                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents
                                                                DWORD => FFFFFFFF
 
Change the Nic Provider Order
                Network Connections
                                Advanced
                                                Advanced Settings
                                                                Provider Order
                                                                                Move Microsoft Windows Networks to the top

Published Thursday, March 19, 2009 8:36 PM by Paul Bergson

Comments

Friday, March 20, 2009 6:35 AM by trejrco

# re: Disabling IPv6 on Windows 2008

While this is a nice, thorough write-up I would be more curious to hear how to actually fix the "cluster vs IPv6" problem than in "simply" disabling IPv6 ...

I am admittedly a bit biased (I work in the "IPv6 field"), but I get concerned every time I see a recommendation to "just kill it", atleast when this is done without any commentary on the unexpected repercussions / the possible need to undo this in the next 0-3 years.

Just my $.02.

/TJ

# Adding a windows 2008 DC to awindows 2003 domain | keyongtech

Saturday, July 25, 2009 3:34 AM by Disable IPv6 « Sladescross's Blog

# Disable IPv6 « Sladescross's Blog

Saturday, February 13, 2010 11:58 AM by MWeber's Blog

# Upgrading an Active Directory Domain from Windows Server 2000 to Windows Server 2008 or Windows Server 2008 R2

!!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF YOUR DATA/MACHINE!!! If you have installed

Saturday, February 13, 2010 12:15 PM by MWeber's Blog

# Upgrading an Active Directory Domain from Windows Server 2003 to Windows Server 2008 or Windows Server 2008 R2

!!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF YOUR DATA/MACHINE!!! If you have installed

# How to Disable RSS TCP Chimney Feature and IPv6

How To Disable IPv6 Ace Fekay, MCT, MCTIP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA

Tuesday, January 04, 2011 10:40 AM by The things that are better left unspoken

# Why rücksichtlos disabling IPv6 is a bad idea

Since Windows Vista, Microsoft has bundled and enabled IPv6 by default. This means Windows Vista, Windows

Friday, July 01, 2011 2:02 PM by Paul Bergson

# Configuring IPv4 as Default over IPv6

Starting with Windows Vista and Server 2008, IPv6 is the default over IPv4. This can be annoying if your

Tuesday, September 30, 2014 4:27 AM by The Logo Creator

# The Logo Creator

Paul Bergson (MVP - Directory Services) : Disabling IPv6 on Windows 2008

Anonymous comments are disabled