Sign in
 
HomeProductsLibraryLearnDownloadsSupportForums
Microsoft Forefront TechCenter >
Cannot disable Teredo in Windows 7

Unanswered Cannot disable Teredo in Windows 7

  • Friday, March 08, 2013 8:01 AM
     
     
    Sign In to Vote
    0

    Hello there,

    we are having problems with using IPHTTPS with Direct Access. Teredo works fine.

    In order to troubleshoot the problem I tried to disable the Teredo adapter on my Windows 7 via the netsh command:
    netsh interface teredo set state disabled

    As I understand this should stop the Teredo interface immediately and the system should the fall back on IPHTTPS, which would make troubleshooting possible.

    And this doesn't work, even when I disable the Teredo adapter it stays "online" and Direct Access continues working. When I do ipconfig /all I can see that the Teredo adapter is still the one in use.

    Any ideas,

    thanks in advance, Marcus

     

All Replies

  • Friday, March 08, 2013 9:04 AM
     
     
    Sign In to Vote
    0

    Hi

    Are you sure that IPHTTPS interface is operational?

    If it's not the case your computer have no other choice. Try a NETSH.EXE INTERFACE HTTPSTUNNEL SHOW INTERFACE.

    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

     
  • Tuesday, March 12, 2013 7:48 AM
     
     
    Sign In to Vote
    0

    This is what it says (in German)

    C:\Windows\system32>NETSH.EXE INTERFACE HTTPSTUNNEL SHOW INTERFACE

    Parameter für die Schnittstelle IPHTTPSInterface (Group Policy)
    ------------------------------------------------------------
    Rolle                       : client
    URL                        : https://da.visatec.net:443/IPHTTPS
    Letzter Fehlercode            : 0x0
    Schnittstellenstatus           : Die IP-HTTPS-Schnittstelle ist deaktiviert.

    which means it is disabled, but I never did that.

    When I check this registry entry HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition\IPHTTPS\IPHTTPSInterface!IPHTTPS_ClientState is on 0.

    Any ideas?

     
  • Tuesday, March 12, 2013 9:26 AM
     
     
    Sign In to Vote
    0

    Hi<o:p></o:p>

    There is one case in which Teredo does not disable,it's when enterprise client mode was enabled. Please use NETSH.EXE INTERFACE
    TEREDO SHOW STATE to check the Teredo Type value. If it's ENTERPRISE CLIENT, teredo never disables itself. Reconfigure your client with the following command "NETSH INTERFACE TEREDO SET STATE CLIENT" if it's not enforcer through GPO. Otherwise, just create an outgoing firewall rule that block UDP3544 protocol on your DirectAccess client. This will completely block Teredo and force your client to use IPHTTPS.     Teredo and force your client to use IPHTTPS.

    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

     
  • Wednesday, March 13, 2013 2:10 PM
     
     
    Sign In to Vote
    0

    The Teredo settings come from the DirectAccess GPO, and sometimes running the manual command takes a few tries before it will "stick". And even then, it may revert itself back after it receives a Group Policy update.

    netsh int teredo set state disabled will work - even if it's set to EnterpriseClient state, but you may have to enter that command a few times.

    Or you can use a GPO to fight the other GPO - setup a GPO that disables Teredo at that level, assign it to your test computer, and do it that way. A little more involved though. :)