Cannot disable Teredo in Windows 7 RRS feed

  • Question

  • Hello there,

    we are having problems with using IPHTTPS with Direct Access. Teredo works fine.

    In order to troubleshoot the problem I tried to disable the Teredo adapter on my Windows 7 via the netsh command:
    netsh interface teredo set state disabled

    As I understand this should stop the Teredo interface immediately and the system should the fall back on IPHTTPS, which would make troubleshooting possible.

    And this doesn't work, even when I disable the Teredo adapter it stays "online" and Direct Access continues working. When I do ipconfig /all I can see that the Teredo adapter is still the one in use.

    Any ideas,

    thanks in advance, Marcus

    Friday, March 8, 2013 8:01 AM

All replies

  • Hi

    Are you sure that IPHTTPS interface is operational?

    If it's not the case your computer have no other choice. Try a NETSH.EXE INTERFACE HTTPSTUNNEL SHOW INTERFACE.

    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Friday, March 8, 2013 9:04 AM
  • This is what it says (in German)


    Parameter für die Schnittstelle IPHTTPSInterface (Group Policy)
    Rolle                       : client
    URL                        : https://da.visatec.net:443/IPHTTPS
    Letzter Fehlercode            : 0x0
    Schnittstellenstatus           : Die IP-HTTPS-Schnittstelle ist deaktiviert.

    which means it is disabled, but I never did that.

    When I check this registry entry HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition\IPHTTPS\IPHTTPSInterface!IPHTTPS_ClientState is on 0.

    Any ideas?

    Tuesday, March 12, 2013 7:48 AM
  • Hi<o:p></o:p>

    There is one case in which Teredo does not disable,it's when enterprise client mode was enabled. Please use NETSH.EXE INTERFACE
    TEREDO SHOW STATE to check the Teredo Type value. If it's ENTERPRISE CLIENT, teredo never disables itself. Reconfigure your client with the following command "NETSH INTERFACE TEREDO SET STATE CLIENT" if it's not enforcer through GPO. Otherwise, just create an outgoing firewall rule that block UDP3544 protocol on your DirectAccess client. This will completely block Teredo and force your client to use IPHTTPS.
    Teredo and force your client to use IPHTTPS.

    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Tuesday, March 12, 2013 9:26 AM
  • The Teredo settings come from the DirectAccess GPO, and sometimes running the manual command takes a few tries before it will "stick". And even then, it may revert itself back after it receives a Group Policy update.

    netsh int teredo set state disabled will work - even if it's set to EnterpriseClient state, but you may have to enter that command a few times.

    Or you can use a GPO to fight the other GPO - setup a GPO that disables Teredo at that level, assign it to your test computer, and do it that way. A little more involved though. :)

    Wednesday, March 13, 2013 2:10 PM
  • Have you tried it from the GUI

    1. Right Click Computer - Properties - Device Manager

    2. View - Show Hidden Devices

    3. Network adapters - Right Click Teredo Tunneling Pseudo-Interface and disable it.


    Wednesday, July 17, 2013 11:42 PM