Ping not working correctly

[CCS-IT]

Hi Guys,

 

We have a problem with our environment. we have DHCP server configured with Public IP range in SCOPE hence our client machine (windows 7/8) received the same range of IP address. However in our DNS server we found there are IPv6 (Host AAAA) records has been created along with host A record for any individual system. 

 

when we ping to any system it will give as RTO because it's got response from IPv6.

 

We have unchecked the IPv6 option from NIC properties. 

 

As per the MS article,  https://support.microsoft.com/en-us/kb/929852

 

About the 6to4 tunneling protocol

By default, the 6to4 tunneling protocol is enabled in Windows 7, Windows Vista, Windows Server 2008 R2, and Windows Server 2008 when an interface is assigned a public IPv4 address (that is, an IPv4 address that is not in the ranges 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16). 6to4 automatically assigns an IPv6 address to the 6to4 tunneling interface for each such address that is assigned, and 6to4 will dynamically register these IPv6 addresses on the assigned DNS server. If this behavior is not desired, we recommend that you disable IPv6 tunnel interfaces on the affected hosts.

As we used same range of DHCP scope (Public IP range) since last 3 years but such issue is just occurs recently... Anyone faced such issue? please assist me on this case.

 

Thanks in advance. 

[+BudMan MVC]

If you are not ready to use IPv6, I really would suggest you disable it completely..

 

http://support.microsoft.com/en-us/kb/929852

 

This can be done via group policy you might want to look here

http://social.technet.microsoft.com/wiki/contents/articles/5927.how-to-disable-ipv6-through-group-policy.aspx

 

What does your ipconfig /all look like on a windows machine?  Out of the box your going to get link-local addresses on the interface.  Out of the box all addresses on this interface will be registered via dns in AD, etc. Out of the box ipv6 would be used first if you get a response for AAAA dns query.

 

Again highly recommend if your not ready to use ipv6 in your network, that you just completely disable it. This is a simple enough to turn on and turn off.

 

If you see any ipv6 stuff on your interface in ipconfig /all then yeah its most likely going to to get registered in DNS that can cause you grief if not actively setup to actually use ipv6.  Also all those nonsense transition to ipv6 interfaces like teredo, 6to4 and isatap should also just be disable and removed.. Unless you were actively wanting to use 1.. And then that 1 should be setup and the others turned off.  See the kb article linked too.

 

Ipv6 is coming, but unless your up to speed on it - it causes problems!! For example the one your seeing - it also causes noise that just serves no purpose on the network unless actively using ipv6.  Also after cleanup your ipconfig /all will be much cleaner

 

I don't ever have any of the teredo, isatap, 6to4 stuff since I have cleaned that up - but I do have ipv6 configured and can enable or disable it with the checkbox in the network interface props.  So you see the top ipconfig /all when I have it disabled.  When I enable it I have both a global ipv6 address, the one that starts with 2001, and then the link local address the fe80 address.

 

Simple way to explain link local is think of them of private IPs (rfc1918) that are not routable on the public internet, 192.168.1.0/24 for example.  While if its a global ipv6 address then its public IP.  link locals can and are used on your local network.  But as stated, you really don't want those registered in your AD dns unless unless your network is really ready for use of ipv6 on a global setup.

[CCS-IT]

ipconfig /all:

 

   Description . . . . . . . . . . . : Intel® 82579LM Gigabit Network Connection

 

   Physical Address. . . . . . . . . : 14-58-xx-xx-xx-xx

 

   DHCP Enabled. . . . . . . . . . . : Yes

 

   Autoconfiguration Enabled . . . . : Yes

 

   Link-local IPv6 Address . . . . . : fe80::xxxxx:xx:xx:%11(Preferred)

 

   IPv4 Address. . . . . . . . . . . : 161.xx.xx.x4(Preferred)

 

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

 

   Lease Obtained. . . . . . . . . . : Monday, March 28, 2015 8:53:52 AM

 

   Lease Expires . . . . . . . . . . : Tuesday, April 03, 2015 8:53:53 AM

 

   Default Gateway . . . . . . . . . : 161.xx.xx.xx

 

   DHCP Server . . . . . . . . . . . : 10.xx.xx.136

 

   DHCPv6 IAID . . . . . . . . . . . : 29887

 

   DHCPv6 Client DUID. . . . . . . . : 00-01-90-01-1S-87-O8-FD-14-28-D0-BA-7H-61

 

 

 

   DNS Servers . . . . . . . . . . . : 10.xx.xx.131

 

   NetBIOS over Tcpip. . . . . . . . : Enabled

 

 

 

Tunnel adapter 6TO4 Adapter:

 

 

 

   Connection-specific DNS Suffix  . :

 

   Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2

 

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

 

   DHCP Enabled. . . . . . . . . . . : No

 

   Autoconfiguration Enabled . . . . : Yes

 

   IPv6 Address. . . . . . . . . . . : 2002:a1fp:d6a::a1fp:d7a(Preferred)

 

   Default Gateway . . . . . . . . . :

 

   DNS Servers . . . . . . . . . . . : 10.xx.xx.131

 

 

   NetBIOS over Tcpip. . . . . . . . : Disabled

[CCS-IT]

Recently installed MS patches will affect this settings? because as I stated in my original post it was working fine from last 3 years. Issue is just reported on March 21st 2015. Any clue ?

[+BudMan MVC]

And have you disabled ipv6??  Your 6to4 has address

 

2002:a1fp:d6a::a1fp:d7a(Preferred)

 

Pretty sure its going to try and register than.. Do a query for that computer name against your dns.. Do you get back ipv6 in a AAAA ?  When a computer has  public IPv6, that 6to4 will be used and will try will register in AD..

 

Here this is perfect article that goes over your issue with that 6to4

 

http://blogs.technet.com/b/askpfeplat/archive/2013/11/18/ipv6-for-the-windows-administrator-the-2002-6to4-tunnel-address-and-its-impact.aspx

 

Again if you are not ready to use ipv6 on your network, the cleanest approach is just disable it completely, remove all the adapters isatap, 6to4, teredo - you have no need for those - do you??  If you did you would have properly set the one you wanted to use up and disable the others you would of thunk

 

Your other option so that 6to4 does not create address is no use public IP space on an internal network.

[CCS-IT]

Thanks Budman, Issue is now resolved, we created GPO were configured IPv4 preference order over the IPv6. 

 

reference URL as you shared in your previous post.

http://social.technet.microsoft.com/wiki/contents/articles/5927.how-to-disable-ipv6-through-group-policy.aspx

 

Thanks  

[+BudMan MVC]

so you set it to prefer ipv4 but did not remove all the teredo, isatap 6to4 crap?

[CCS-IT]

so you set it to prefer ipv4 but did not remove all the teredo, isatap 6to4 crap?

NO

[+BudMan MVC]

no you didn't remove the crap  Why?

[CCS-IT]

no you didn't remove the crap  Why?

Cause, system start pining to destination with IPv4, So issue just resolved that's why we didn't remove any thing. from few system we just disabled the 6to4 adopter from device manager.

 

Will remove the rest system in any weekend now. Thanks for your help Budman...  I really appreciate. 

[+BudMan MVC]

"just disabled the 6to4 adopter from device manager."

 

Not really proper way to disable it, done with a simple netsh cmd

netsh interface ipv6 6to4 set state disabled

Or can be disabled with proper flags in disabledcomponents for ipv6

 

https://support.microsoft.com/en-us/kb/929852