none
IPv6 prefered over IPv4, but IPv6 connectivity not possible

    Question

  • We are having an issue with some of out laptops when they are on our Corporate LAN.

    The issue is that some of the clients prefer IPv6 over IPv4 for internet hosts that are both IPv4 and IPv6 enabled. I understood from the documentation that IPv6 is always the preferred connection method when it is available, but IPv6 is not configured on the outside of firewall so IPv6 connectivity over the internet is not possible at all.
    Only on the LAN we run some servers dual stack. 

    All laptops are configured for DirectAccess, but inside the LAN the HTTPS tunnel is not active of course.

    dns query for google.com returns

    C:\>nslookup google.com
    Server:  dc01.contoso.com
    Address: 10.1.1.100

    Non-authoritative answer:
    Name:    google.com
    Addresses:  2a00:1450:400c:c02::65
              74.125.71.100
              74.125.71.101
              74.125.71.113
              74.125.71.138
              74.125.71.102
              74.125.71.139

    On most laptops in our LAN when I do a ping to google.com it prefers IPv4 over IPv6 and I get a reply.
    On some laptops in our LAN when I do a ping to google.com it prefers IPv6 over IPv4 and I don't get a reply.

    I have a working and non-working laptop on my desk. Both the same hardware model and both a clean install of the same Windows 7 enterprise x64 image.
    Both on the same network switch and vlan. Output of ipconfig /all is identical, apart from the ip addresses of course. 

    https://support.microsoft.com/en-us/kb/929852 explains how to configure Windows 7 to prefer IPv4 over IPv6

    However, the output for prefixpolicies is the same on both laptops
    so that also doesn't explain why both laptops behave differently

    C:\>netsh interface ipv6 show prefixpolicies
    Querying active state...
    Precedence  Label  Prefix
    ----------  -----  --------------------------------
            50      0  ::1/128
            40      1  ::/0
            30      2  2002::/16
            20      3  ::/96
            10      4  ::ffff:0:0/96
             5      5  2001::/32

    and HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents doesn't exist on both laptops.

    If I right click the network adapter and click status then for both laptops it shows that there is No internet access for IPv6 Connectivity.

    For internet browsing this is not such a big issue, cause if you browse to google.com it will first try IPv6 and then after a timeout IPv4. 
    But for Outlook connectivity this is an issue for us cause Outlook connects to outlook.office365.com which is ipv6 enabled and the Outlook only tries on the IPv6 address and never IPv4. Outlook hangs in a connecting state.

    There must be a difference somewhere in both laptops, but what..?

    Any hint or idea to dig in to this further is much appreciated.

      
    Thursday, October 1, 2015 1:32 PM

Answers

All replies

  • Hi Mister lks,

    Have you tried this fix?
    https://support.microsoft.com/en-us/kb/2533454

    On the problematic laptop, add the key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\ DisabledComponents, and set the value to 0x20. Then test again.

    Best Regards,

    Leo


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, October 2, 2015 8:46 AM
    Moderator
  • Thanks for your reply

    That key is also mentioned in https://support.microsoft.com/en-us/kb/929852 

    I can use this key as a workaround to prefer IPv4, but on both my test machines this key doesn't exist so it doesn't explain why one machine prefers IPv4 and the other machine IPv6

    Monday, October 5, 2015 10:01 AM
  • Hi Mister,

    Have you enabled force tunnelling? If yes, disable it and try again.

    Then, run the command netsh dns show state.

    Check if Direct Access Settings is disabled.

    Best Regards,

    Leo


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Wednesday, October 7, 2015 7:22 AM
    Moderator
  • Hi Leo,

    thanks for your reply. 

    We don't use forced tunneling for our DirectAccess clients. In other words, only connections to the corporate network are sent over the DirectAccess tunnel.

    The issue we have occurs when the laptop is on the LAN and when inside the lan DirectAccess is disabled.

    netsh dns show state

    Name Resolution Policy Table Options
    --------------------------------------------------------------------

    Query Failure Behavior                : Always fall back to LLMNR and NetBIOS
                                            if the name does not exist in DNS or
                                            if the DNS servers are unreachable
                                            when on a private network

    Query Resolution Behavior             : Resolve only IPv6 addresses for names

    Network Location Behavior             : Let Network ID determine when Direct
                                            Access settings are to be used

    Machine Location                      : Inside corporate network

    Direct Access Settings                : Configured and Disabled

    DNSSEC Settings                       : Not Configured

    Best regards,

    Bas

    Wednesday, October 7, 2015 7:56 AM
  • Hi Bas,

    Have you ever configured IPv6 on the laptop?

    If not, I'm afraid it is hard to tell the reason because I have not seen such phenomenon before. And it is also difficult to reproduce and analyze.

    You may modify registry as a workaround.

    Best Regards,

    Leo


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Thursday, October 8, 2015 9:37 AM
    Moderator
  • I've submitted a ticket with Microsoft. When I have more info or a solution I will update this thread
    Thursday, October 8, 2015 11:37 AM
  • Did you ever get a solution Mister lks? 
    Thursday, June 7, 2018 10:37 AM

  • I don't think so or I can't recall it.

    A lot has changed since then in our environment.

    Thursday, June 7, 2018 10:55 AM