Should I Disable IPv6? No…

Should I Disable IPv6?  No…


Ace Fekay, MCT, MVP, MCITP EA, Exchange 2010 Enterprise Administrator, MCTS Windows 2008, Exchange 2010 & Exchange 2007, MCSE 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP: Directory Services
Active Directory, Exchange and Windows Infrastructure Engineer


Published May 29, 2010 at 3:14 PM EST
Edits:
10/6/2010  – Added Microsoft KB929852 link on disabling IPv6
10/15/2010 – Added info: It’s no longer recommended to disable IPv6 and changed title to reflect the change


 


Preface


This topic has been discussed numerous times. Previously in this article I wrote:


There are known issues regarding IPv6 affecting communications in certain scenarios, such as with errors when using Outlook Anywhere such as to fix an Exchange 2007 running on WIndows 2008 when there is a DC NSPI port 6004 communication issue.


Read the link in the “Related Links” section below for more information on this issue. Therefore, to eliminate communications issues regarding whether this is a factor or not, it is recommended to disable IPv6 in registry on the Exchange server, as well as on the domain controllers, or any server for that matter, especially if there are no plans in using IPv6. For the same reasons, it is also recommended to disable the RSS TCP Chimney Offload feature on the same servers.


IPv6 provides a robust means for IP addressing that offers additional information in the IP address. However, if the current network does not have the necessary supporting hardware to support it, such as a router, nor if IPv6 is currently in use, some say it’s additional overhead on the machine, which many have claimed, including myself in the past, to recommend disabling it. There is also an incompatibility with using IPv6 with UNC paths, such as mapping a drive using an IPv6 address, but I don’t think that’s relevent to the context of this article.


However, things have changed. The only time to disable IPv6 is with the above scenario using Exchange 2007 on a Windows 2008 server. At no other time should you disable IPv6. It must be kept enabled, or it will break many features in Windows. Read the next section…


 


Should I Disable IPv6?


No.


When I originally wrote this article, my original recommendations to disable IPv6 were based on a problem I found back in 2008 with an Exchange 2007 installation on Windows 2008 and DSAccess communications to a Windows 2008 DC/GC. I couldn’t figure out what was causing it. I finally called Microsot PSS. After some digging around, the support engineer recommended disabling IPv6, which he said was causing the issue. It actually fixed the communications problem. He referenced an article explaining the issue:


The installation of the Exchange Server 2007 Hub Transport role may be unsuccessful on a Windows Server 2008-based computer
http://support.microsoft.com/?kbid=952842



However, that article has been retired and is no longer available. Microsoft is now recommending to keep IPv6 enabled. You can read more about it in this article, which I highly suggest reading it:

The Cable Guy – Support for IPv6 in Windows Server 2008 R2 and Windows 7, by Joseph Davies, Microsoft, Inc.
http://technet.microsoft.com/en-us/magazine/2009.07.cableguy.aspx


Basically, Joseph Davies in the above article, said (quoted directly from the article):


The Argument against Disabling IPv6


It is unfortunate that some organizations disable IPv6 on their computers running Windows Vista or Windows Server 2008, where it is installed and enabled by default. Many disable IPv6-based on the assumption that they are not running any applications or services that use it. Others might disable it because of a misperception that having both IPv4 and IPv6 enabled effectively doubles their DNS and Web traffic. This is not true.


From Microsoft’s perspective, IPv6 is a mandatory part of the Windows operating system and it is enabled and included in standard Windows service and application testing during the operating system development process. Because Windows was designed specifically with IPv6 present, Microsoft does not perform any testing to determine the effects of disabling IPv6. If IPv6 is disabled on Windows Vista, Windows Server 2008, or later versions, some components will not function. Moreover, applications that you might not think are using IPv6—such as Remote Assistance, HomeGroup, DirectAccess, and Windows Mail—could be.


Therefore, Microsoft recommends that you leave IPv6 enabled, even if you do not have an IPv6-enabled network, either native or tunneled. By leaving IPv6 enabled, you do not disable IPv6-only applications and services (for example, HomeGroup in Windows 7 and DirectAccess in Windows 7 and Windows Server 2008 R2 are IPv6-only) and your hosts can take advantage of IPv6-enhanced connectivity.


.


.




Ipconfig /all shows IPv6 “::1″ Loopback address as the First DNS Entry


In some cases, there may be some issues with IPv6 because it is the default protocol. When you run an ipconfig /all, you may find that the IPv6 “::1″ Loopback address shows up as a DNS address when you run an ipconfig /all. Because it’s at the top of the DNS addresses, some say it slows down resolution because the resolver is trying to use an IPv6 address to resolve it first before attempting to resolve the IPv4 address.


Who cares. Leave it alone. What harm is it doing? Just because it doesn’t look right?


Well, if you really want to remove the ::1, you can, although to me, it’s really a cosmetic thing when running nslookup. If it will make you feel warm and fuzzy not to see it, and rather see the IPv4 address, you can remove it using the following steps.


.


You can delete the “::1″ IPv6 loopback address by the following method.


Run an ipconfig /all. Determine the “Local Area Connection” name. In the example below, I used “Local Area Connection” for the interface name:


netsh interface ipv6 delete dnsserver “Local Area Connection” ::1



You can add it back in, if you like: 


netsh interface ipv6 add dnsserver “Local Area Connection” ::1


 .


For more info on the netsh command reference for Windows 2008 & 2008 R2, see the following. For command info on IPv6, click on “Netsh Command for Interface IPv4 and IPv6,” then click on ” Netsh commands for Interface IPv6.” :


Netsh Command Reference
(Comprehensive Command Reference) – Updated: July 2, 2009 – Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista
http://technet.microsoft.com/en-us/library/cc754516(WS.10).aspx


.


.




Originally, I illustrated in this blog to do it in the following fashion from a previous post (provided below), however this appears to not work for some. I suggest running the method above.


You can eliminate that from showing up on that specific interface. One way to do that is to find the IDX# of the interface by running:


netsh interface ipv6 show interfaces


Once you’ve identified the IDX# for that interface, you can delete it on that specific interface by running:


netsh interface ipv6 delete dnsserver name=”IDX#” address=::1


You’ll find resolution will be quicker, as well as not getting that familiar nslookup initialization error message saying it “can’t find server…”



Originally posted in:


Windows 2008 R2 with AD integerated DNS
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/29b204fd-fabc-4715-9891-95eb86bd1d32/?prof=required


 .


 .


Windows 2008 R2, and Windows 7 will use IPv6 as the first preferred protocal.


In my opinion, if you just leave things as default, things will work fine.


However, for whatever reason you want to alter these settings, whether real or imagined, that is your choice.


That disclaimer out of the way, if you still need to force the TCP stack to use IPv4 first instead of IPv6, you can do so in the registry. The following procedure in this section was quoted from the following Microsoft KB article:


How to disable IP version 6 (IPv6) or its specific components in Windows 7, in Windows Vista, in Windows Server 2008 R2, and in Windows Server 2008
http://support.microsoft.com/kb/929852


.


To force the system to use IPv4 first, before IPv6


The key you are looking for is HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents. If it doesn’t exist, you have to created it.


Or if you do not want to do this manual procedure, you can now use the Microsoft “Mr Fix It” script to automatically do it for you. The scripts are in the KB929852 article above.


  1. In Registry Editor, locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters \

  2. Double-click DisabledComponents to modify the DisabledComponents entry.
    Note If the DisabledComponents entry is unavailable, you must create it. To do this, follow these steps:
    1. In the Edit menu, point to New, and then click DWORD (32-bit) Value.
    2. Type DisabledComponents, and then press ENTER.
    3. Double-click DisabledComponents.
  3. Type 0x20 to prefer IPv4 over IPv6 by modifying entries in the prefix policy table.

.


.


Again, do not disable IPv6


However, if you still need to disable IPv6, the following steps show how To Disable IPv6 on 2008 (non-SBS 2008), Vista or Windows 7 


Note: You can now use the Microsoft “Mr Fix It” script to automatically disable it, see:


How to disable certain Internet Protocol version 6 (IPv6) components in Windows Vista, Windows 7 and Windows Server 2008
http://support.microsoft.com/kb/929852


 .


You can also do it manually: The following steps are from:


How to disable certain Internet Protocol version 6 (IPv6) components in Windows Vista, Windows 7 and Windows Server 2008
http://support.microsoft.com/kb/929852


The installation of the Exchange Server 2007 Hub Transport role is unsuccessful on a Windows Server 2008-based computer
(This article is no longer available. It originally recommended to disable IPv6 to overcome Exchagne 2007 installed on Windows 2008 (not 2008 R2) that have DSAccess NSPI to GC Communications issues.)
http://support.microsoft.com/?id=952842


Paul Berg also has a good article on disabling IPv6, too:
Disabling IPv6 on Windows 2008 or Vista
http://blogs.dirteam.com/blogs/paulbergson/archive/2009/03/19/disabling-ipv6-on-windows-2008.aspx


 


  1. Uncheck IPv6 in NIC properties
  2. Uncheck the two LinkLayer Topology Discovery components
  3. Then Navigate to:
  4. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters
    • In the details pane, click New, and then click DWORD (32-bit) Value.
    • Type in DisabledComponents , and then press ENTER.
    • Double-click DisabledComponents,
    • Type 0xffffffff in Hexadecimal.
    • It should look like this if you’ve entered it correctly:
      • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters
      • “DisabledComponents”=dword:ffffffff


.


Or more specifically, and with a complete list of values this key supports:


  1. In Registry Editor, locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters \

  2. Double-click DisabledComponents to modify the DisabledComponents entry.

    Note If the DisabledComponents entry is unavailable, you must create it. To do this, follow these steps:
    1. In the Edit menu, point to New, and then click DWORD (32-bit) Value.
    2. Type DisabledComponents, and then press ENTER.
    3. Double-click DisabledComponents.
  3. Type any one of the following values in the Value data: field to configure the IPv6 protocol to the desired state, and then click OK:
    1. Type 0 to enable all IPv6 components. (Windows default setting)
    2. Type 0xffffffff to disable all IPv6 components, except the IPv6 loopback interface.
    3. Type 0x20 to prefer IPv4 over IPv6 by modifying entries in the prefix policy table.
    4. Type 0x10 to disable IPv6 on all nontunnel interfaces (on both LAN and Point-to-Point Protocol [PPP] interfaces).
    5. Type 0x01 to disable IPv6 on all tunnel interfaces. These include Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), 6to4, and Teredo.
    6. Type 0x11 to disable all IPv6 interfaces except for the IPv6 loopback interface.


 .


 .



Disabling IPv6 on SBS 2008


Don’t do it. But if you must, to disable IPv6 on SBS 2008 is slightly different.


Read the reasons why, and the instructions in the following link, but as noted above, it’s no longer recommended to disable IPv6.


Issues After Disabling IPv6 on Your NIC on SBS 2008
http://blogs.technet.com/sbs/archive/2008/10/24/issues-after-disabling-ipv6-on-your-nic-on-sbs-2008.aspx



.


Related Links




TCP Chimney and RSS Features May Cause Slow File Transfers or Cause Connectivity Problems:
http://msmvps.com/blogs/acefekay/archive/2009/08/20/tcp-chimney-and-rss-features-may-cause-slow-file-transfers-or-cause-connectivity-problems.aspx


 .


.



Comments, suggestions, corrections are all welcomed.


Ace Fekay

Leave a Reply