locked
How to enable pure IPv6 on a Exchange 2010 Server? RRS feed

  • Question

  • Queston: How do I completely disable the creation all IPv6 other than local network IPs on the Exchange Server? I have tried:

    netsh interface ipv6 6to4 set state disabled
    netsh interface teredo set state disabled

    but only the Teredo protocol has disappeared. I still have two 6to4, one fe80:, plus the static 192.168 IP and the static fec0 IP I assigned.

    The only equipment, other than the servers that support IPv6 are a couple of Vista machines and two fairly new, cheap routers with original firmware that are not supposed to have any IPv6 capablity, but I suspect are actually inducing 6to4 IPs on the servers. There is nothing in the routers' setup screens to disable stateless autoconfiguration (in favour of DHCPv6 on the DC).  I haven't seen this at other customer sites.

    I am wondering if the problem I am having with the DPM server in this installation is resulting from the DPM server using alternating IPv6 IPs and I'm not fltering the IP ranges correctly in the Exchange Receive Connectors.

    By removing intermediate transition protocols like IPv6, I am hoping to achieve a simpler IPv6 structure. I can move the customer into a real IPv6 router this year once IPv6 is live and when they need external IPv6 access.

    If anyone has any ideas or comments on this, they would be appreciated.

    Thanks,
    Bob.

    Sunday, February 19, 2012 11:49 PM

All replies

  • I noticed this question starting to get a few hits, so here is what I have learned:

    1. 6to4, Teredo, and ISATAP are all transition protocols. A fully IPv6 capable network will not need them.
    2. Teredo (2001:0::/32) and ISATAP (::0:5efe:w.x.y.z or ::200:5efe:w.x.y.z) need servers to be setup specially to work.
    3. 6to4  (2002:/16) needs a 6to4 router to work.
    4. All three can completely bypass NAT firewalls and for some conditions, there may be security concerns.
    5. I believe the routers used by one of my customers is inducing 6to4. The manufacturer denies it has any IPv6 capability. When we shutdown one of the routers, the 6to4 addresses on NICs disappear after running the disable and enable commands below. I can't seem to find anything else on the network that would induce IPv6 addresses. So, are their routers only inducing addresses or are they also letting 6to4 through the NAT without us knowing too?

    The following commands can be used to eliminate these protocols:

    Disable 6to4 and Teredo and ISATAP

    1. Elevated command prompt.
    2. netsh interface ipv6 6to4 set state disabled [didn't seem to work]
    3. netsh interface ipv6 set teredo  disable
    4. netsh interface ipv6 isa set state disabled

    Disable Router Discovery

    1. Elevated Command Prompt.
    2. netsh int ipv6 show interfaces [displays interface index]
    3. netsh int ipv6 set int [index] routerdiscovery=disabled [removes 6to4]

    What's left behind are what will eventually be fully "normal" IPv6 IPs applied to adaptors.

    If anyone can expand on this, please feel free...

    Bob.

    P.S. Exchange Inbound Connectors are working properly without having to add 6to4 ranges. (DPM Server chose to submit anonymous SMTP using 6to4 IPs).



    • Edited by BobH2 Tuesday, February 28, 2012 12:57 PM
    Tuesday, February 28, 2012 12:54 PM