Welcome to Dirteam.com/ActiveDir.org Blogs Sign in | Join | Help
 
 
in Search
Home Blogs Photos

Paul Bergson

Disabling IPv6 on Windows 2008

I have run into nothing but trouble with IPv6.  Not that there is anything in particular that is wrong, but not all apps understand and can work with it.  For example I am running a geographically dispersed cluster on a Windows server with 2008 Exchange 2007 on a Dell 2950.  I am getting these odd Event Log errors 2501, 2601 and 2604. 

When updating security for a remote procedure call (RPC) access for the Exchange Active Directory Topology service, Exchange could not retrieve the security descriptor for Exchange server object xxxxxxx - Error code=8007077f.  The Exchange Active Directory Topology service will continue with limited permissions.

For my experience it turns out a tunnel adapter on the 2950 is mapping a DNS record on IPv6.  I thought I had disabled all the IPv6 pieces but I was mistaken. 

The following recipe should be what is needed to disable all pieces of IPv6 on Windows Server 2008 (As well as Vista) as well as enabling ping on IPv4.


Enable Pings, Firewall doesn't allow IPv4 pings
                Server Manager / Configuration / Windows Firewall with Advanced... / Inbound Rules
                                Action / New Rule
                                                Select Custom
                                                                Next
                                                Select All Programs
                                                                Next
                                                Protocol Type = ICMPv4
                                                                Next
                                                Local Ip Address = Any
                                                Remote IP Address = Any
                                                                Next
                                                Select allow the connection
                                                                Next
                                                Check Domain
                                                Check Private
                                                Check Public
                                                                Next
                                                Name = IPv4
                                Finish
 
Network
                Right Click Network Places
                Select Manage Network Connections For each enabled and used NIC
                                Right Click - Local Area Connection - Select Properties
                                                Networking Tab                               
                                                                DeSelect IPv6
                                                Close
 
Disables tunneling but not the loopback interface
                Regedit  (For additional info http://technet.microsoft.com/en-us/library/bb878057.aspx)
                                Add the following key
                                                HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6Parameters\DisabledComponents
                                                                DWORD => FFFFFFFF
 
Change the Nic Provider Order
                Network Connections
                                Advanced
                                                Advanced Settings
                                                                Provider Order
                                                                                Move Microsoft Windows Networks to the top

Published donderdag 19 maart 2009 20:36 by pbbergs

Comments

 

trejrco said:

While this is a nice, thorough write-up I would be more curious to hear how to actually fix the "cluster vs IPv6" problem than in "simply" disabling IPv6 ...

I am admittedly a bit biased (I work in the "IPv6 field"), but I get concerned every time I see a recommendation to "just kill it", atleast when this is done without any commentary on the unexpected repercussions / the possible need to undo this in the next 0-3 years.

Just my $.02.

/TJ

maart 20, 2009 6:35
 

Adding a windows 2008 DC to awindows 2003 domain | keyongtech said:

PingBack from http://www.keyongtech.com/5121547-adding-a-windows-2008-dc

april 6, 2009 15:08
 

Disable IPv6 « Sladescross's Blog said:

PingBack from http://sladescross.wordpress.com/2009/07/25/disable-ipv6/

juli 25, 2009 3:34
 

MWeber's Blog said:

!!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF YOUR DATA/MACHINE!!! If you have installed

februari 13, 2010 11:58
 

MWeber's Blog said:

!!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF YOUR DATA/MACHINE!!! If you have installed

februari 13, 2010 12:15
 

Ace Fekay's Active Directory, Exchange and Windows Infrastructure Services Blog said:

How To Disable IPv6 Ace Fekay, MCT, MCTIP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA

mei 27, 2010 16:57
Anonymous comments are disabled

This Blog

Syndication

© Copyright 2005 - 2010 DIRTEAM.COM. All rights reserved.

The information on this website is provided for informational purposes only and the authors make no warranties, either express or implied. Information in these documents, including URL and other Internet Web site references, is subject to change without notice. The entire risk of the use or the results from the use of this document remains with the user.

Active Directory, Microsoft, MS-DOS, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are property of their respective owners.


Powered by Community Server (Personal Edition), by Telligent Systems