
Hi Guys,

 

We have a problem with our environment. We have a DHCP server configured with a public IP range in its scope, hence our client machines (Windows 7/8) receive IP addresses from the same range. However, in our DNS server we found that IPv6 (Host AAAA) records have been created along with the host A record for each individual system.

When we ping any system it gives RTO because it gets a response from IPv6.

 

We have unchecked the IPv6 option from NIC properties. 

 

As per the MS article,  https://support.microsoft.com/en-us/kb/929852

 

About the 6to4 tunneling protocol

By default, the 6to4 tunneling protocol is enabled in Windows 7, Windows Vista, Windows Server 2008 R2, and Windows Server 2008 when an interface is assigned a public IPv4 address (that is, an IPv4 address that is not in the ranges 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16). 6to4 automatically assigns an IPv6 address to the 6to4 tunneling interface for each such address that is assigned, and 6to4 will dynamically register these IPv6 addresses on the assigned DNS server. If this behavior is not desired, we recommend that you disable IPv6 tunnel interfaces on the affected hosts.

We have used the same DHCP scope (public IP range) for the last 3 years, but this issue has only started occurring recently... Has anyone faced such an issue? Please assist me with this case.

 

Thanks in advance. 


If you are not ready to use IPv6, I really would suggest you disable it completely..

 

http://support.microsoft.com/en-us/kb/929852

 

This can be done via group policy; you might want to look here:

http://social.technet.microsoft.com/wiki/contents/articles/5927.how-to-disable-ipv6-through-group-policy.aspx

 

What does your ipconfig /all look like on a Windows machine?  Out of the box you're going to get link-local addresses on the interface.  Out of the box all addresses on this interface will be registered via DNS in AD, etc. Out of the box IPv6 would be used first if you get a response for an AAAA DNS query.

Again, I highly recommend that if you're not ready to use IPv6 in your network, you just completely disable it. This is simple enough to turn on and turn off.

If you see any IPv6 stuff on your interface in ipconfig /all then yeah, it's most likely going to get registered in DNS, and that can cause you grief if you're not actively set up to actually use IPv6.  Also all those nonsense transition-to-IPv6 interfaces like teredo, 6to4 and isatap should also just be disabled and removed.. Unless you were actively wanting to use 1.. And then that 1 should be set up and the others turned off.  See the KB article linked to.

IPv6 is coming, but unless you're up to speed on it - it causes problems!! For example the one you're seeing - it also causes noise that just serves no purpose on the network unless actively using IPv6.  Also after cleanup your ipconfig /all will be much cleaner ;)

 

I don't ever have any of the teredo, isatap, 6to4 stuff since I have cleaned that up - but I do have ipv6 configured and can enable or disable it with the checkbox in the network interface props.  So you see the top ipconfig /all when I have it disabled.  When I enable it I have both a global ipv6 address, the one that starts with 2001, and then the link local address the fe80 address.

post-14624-0-42856200-1428078883.png

 

A simple way to explain link local is to think of them as private IPs (rfc1918) that are not routable on the public internet, 192.168.1.0/24 for example.  While if it's a global IPv6 address then it's a public IP.  Link locals can be and are used on your local network.  But as stated, you really don't want those registered in your AD DNS unless your network is really ready for use of IPv6 on a global setup.

ipconfig /all:

   Description . . . . . . . . . . . : Intel® 82579LM Gigabit Network Connection
   Physical Address. . . . . . . . . : 14-58-xx-xx-xx-xx
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::xxxxx:xx:xx:%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 161.xx.xx.x4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, March 28, 2015 8:53:52 AM
   Lease Expires . . . . . . . . . . : Tuesday, April 03, 2015 8:53:53 AM
   Default Gateway . . . . . . . . . : 161.xx.xx.xx
   DHCP Server . . . . . . . . . . . : 10.xx.xx.136
   DHCPv6 IAID . . . . . . . . . . . : 29887
   DHCPv6 Client DUID. . . . . . . . : 00-01-90-01-1S-87-O8-FD-14-28-D0-BA-7H-61

   DNS Servers . . . . . . . . . . . : 10.xx.xx.131
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter 6TO4 Adapter:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2002:a1fp:d6a::a1fp:d7a(Preferred)
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 10.xx.xx.131
   NetBIOS over Tcpip. . . . . . . . : Disabled

And have you disabled IPv6??  Your 6to4 has an address

2002:a1fp:d6a::a1fp:d7a(Preferred)

Pretty sure it's going to try and register that.. Do a query for that computer name against your DNS.. Do you get back IPv6 in an AAAA?  When a computer has a public IPv6, that 6to4 will be used and it will try to register in AD..

Here, this is a perfect article that goes over your issue with that 6to4

 

http://blogs.technet.com/b/askpfeplat/archive/2013/11/18/ipv6-for-the-windows-administrator-the-2002-6to4-tunnel-address-and-its-impact.aspx

 

Again if you are not ready to use IPv6 on your network, the cleanest approach is to just disable it completely and remove all the adapters, isatap, 6to4, teredo - you have no need for those - do you??  If you did, you would have properly set up the one you wanted to use and disabled the others, you would have thunk ;)

Your other option, so that 6to4 does not create an address, is to not use public IP space on an internal network.
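
An added example (not part of the original posts): a Python check over exported DNS records that flags AAAA records in the 6to4 prefix 2002::/16, recovers the IPv4 address embedded in each, and compares it with the host's A record. Host names and addresses are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# The three ranges the quoted KB article names as NOT triggering 6to4.
KB_PRIVATE = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SIXTOFOUR = ipaddress.ip_network("2002::/16")


def triggers_6to4(ipv4):
    """True if the address is outside the ranges listed in the KB article."""
    addr = ipaddress.IPv4Address(ipv4)
    return not any(addr in net for net in KB_PRIVATE)


def expected_6to4(ipv4):
    """6to4 address in the 2002:WWXX:YYZZ::WWXX:YYZZ form seen in the thread."""
    n = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Address((0x2002 << 112) | (n << 80) | n)


def audit(records):
    """Return (host, aaaa, embedded_ipv4, matches_a_record) for 6to4 AAAAs."""
    a_records = {}
    for host, rtype, value in records:
        if rtype == "A":
            a_records.setdefault(host, set()).add(ipaddress.IPv4Address(value))
    findings = []
    for host, rtype, value in records:
        if rtype != "AAAA":
            continue
        v6 = ipaddress.IPv6Address(value)
        if v6 in SIXTOFOUR:
            embedded = v6.sixtofour  # IPv4 address carried after the 2002 prefix
            matches = embedded in a_records.get(host, set())
            findings.append((host, str(v6), str(embedded), matches))
    return findings


# Constructed sample zone data (documentation address ranges, hypothetical hosts).
SAMPLE = [
    ("pc01", "A", "203.0.113.10"),
    ("pc01", "AAAA", "2002:cb00:710a::cb00:710a"),   # 6to4, derived from its A record
    ("pc02", "A", "10.1.2.3"),
    ("pc02", "AAAA", "2001:db8::25"),                # native IPv6, not flagged
    ("pc03", "A", "198.51.100.7"),
    ("pc03", "AAAA", "2002:c633:6409::c633:6409"),   # stale: embeds 198.51.100.9
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A finding whose embedded IPv4 address no longer matches the host's A record is a leftover registration from an earlier lease.
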

Thanks Budman, the issue is now resolved. We created a GPO where we configured IPv4 preference order over IPv6.

Reference URL, as you shared in your previous post:

http://social.technet.microsoft.com/wiki/contents/articles/5927.how-to-disable-ipv6-through-group-policy.aspx

 

Thanks :) 

  On 22/04/2015 at 12:51, BudMan said:

no you didn't remove the crap  Why?

Because the systems started pinging the destination with IPv4, so the issue was resolved; that's why we didn't remove anything. On a few systems we just disabled the 6to4 adapter from Device Manager.

We will remove it from the rest of the systems on a weekend soon. Thanks for your help Budman...  I really appreciate it.  :)

  • 1 month later...

"just disabled the 6to4 adapter from device manager."

Not really the proper way to disable it; it's done with a simple netsh cmd:

netsh interface ipv6 6to4 set state disabled

Or it can be disabled with the proper flags in DisabledComponents for IPv6

 

https://support.microsoft.com/en-us/kb/929852
