IPV6 Network Authentication

    Question

  • We've just added a real world IPV6 address from our ISP to our router and are using advertisements for all the clients to get their addresses. This works fine, but we've noticed that after logon the network adaptor is incorrectly set as "public network" and is in the state of "Identifying" for almost a minute. During this time, domain resources are all unavailable. Finally, after about a minute, it will show that it's connected to the domain and everything works as expected. For a test, I unchecked IPV6 from my network adaptor, rebooted, and everything worked normally, but the problem came back after turning IPV6 back on. I have added the IPV6 subnet to "Sites and services" for the correct site. This is affecting all computers at the site. Have I missed something?

    Mike Pietrorazio

    Monday, January 23, 2017 2:55 PM

Answers

  • I finally fixed this issue by moving the NLS off the DA server and onto another internal IIS.

    Mike Pietrorazio

    Monday, February 26, 2018 2:33 PM

All replies

  • Hi Mike,

    >>During this time, domain resources are all unavailable

    Which type did you use to access resources? Is it IP address or FQDN?

    What error information did it show?

    >>but the problem came back after turning IPV6 back on

    Please try to disable IPv4 and perform the same operation to check if the result is different.

    Best Regards

    John


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, January 24, 2017 9:30 AM
  • Hi John,

    During the time before the adaptor shows "Public", I cannot connect to file shares, Exchange, Skype for business, internal websites. Everything shows "Connecting", or "Page cannot be displayed". All services are restored when it identifies itself as back on "Domain".

    If I use IPV6 only (Disable IPV4), then it never connects to the domain.
    Mike


    Mike Pietrorazio

    Tuesday, January 24, 2017 12:48 PM
  • Hi Mike,

    Have you configured an IPv6 record for the DC on the DNS server?

    Please try to access internal websites by IPv6 address to check if the connection is correct.

    Best Regards

    John



    Wednesday, January 25, 2017 9:10 AM
  • Hi John,

    There are both ipv4 & ipv6 records in DNS for both DCs. Ping replies successfully with IPV6 addresses. I've added a DNS record for an internal website and this works fine as well. It seems the problem is limited to just the domain detection.

    Thanks,
    Mike


    Mike Pietrorazio

    Wednesday, January 25, 2017 12:13 PM
  • Hi Mike,

    >>It seems the problem is limited just the domain detection.

    Please disable IPv4, and capture traffic on the DC to check if the client could send the request of domain joined to the DC, and the DC has sent authentication information to the client.

    Did the adapter connection show public network when you disabled IPv4?

    Best Regards

    John



    Thursday, January 26, 2017 6:19 AM
  • Update to this issue. It seems that the Windows Firewall, which uses the public profile during boot, is blocking IPV6 LDAP requests to the DC. After it times out, it then tries on IPV4. This eventually succeeds and domain detection is successful, but the delay is still causing temporary connectivity issues to Domain resources for the first few minutes the user is logged on.

    Mike Pietrorazio

    Wednesday, December 20, 2017 7:05 PM
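
    One way to confirm the behaviour described in the update above is to look for dropped IPv6 LDAP packets in the client's Windows Firewall log. This is an added example, not code from the thread; it assumes dropped-packet logging is enabled for the public profile, and the log lines and addresses (documentation prefixes) are constructed.

```python
import ipaddress

# Constructed sample in the Windows Firewall log (pfirewall.log) field layout.
# Addresses come from the 2001:db8::/32 and 192.0.2.0/24 documentation ranges.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2017-12-20 08:01:02 DROP UDP 2001:db8:1::50 2001:db8:1::10 51000 389 0 - - - - - - - SEND
2017-12-20 08:01:05 DROP TCP 2001:db8:1::50 2001:db8:1::10 49712 389 0 - 0 0 0 - - - SEND
2017-12-20 08:01:09 ALLOW UDP 2001:db8:1::50 2001:db8:1::10 51001 53 0 - - - - - - - SEND
2017-12-20 08:01:47 ALLOW UDP 192.0.2.50 192.0.2.10 51002 389 0 - - - - - - - SEND
"""

LDAP_PORT = "389"


def parse_log(text):
    """Yield one dict per log entry, keyed by the names on the #Fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))


def is_ipv6(addr):
    """True only for a syntactically valid IPv6 address."""
    try:
        return ipaddress.ip_address(addr).version == 6
    except ValueError:
        return False


def blocked_ipv6_ldap(text, dc_addresses):
    """Return DROP entries for LDAP (port 389) sent over IPv6 to a listed DC."""
    dcs = {ipaddress.ip_address(a) for a in dc_addresses}
    return [e for e in parse_log(text)
            if e["action"] == "DROP" and e["dst-port"] == LDAP_PORT
            and is_ipv6(e["dst-ip"]) and ipaddress.ip_address(e["dst-ip"]) in dcs]


if __name__ == "__main__":
    for hit in blocked_ipv6_ldap(SAMPLE_LOG, ["2001:db8:1::10"]):
        print(hit["date"], hit["time"], hit["protocol"], hit["dst-ip"], hit["path"])
```

    Drops to the DC's IPv6 address on port 389 shortly after boot, followed by an allowed IPv4 LDAP entry, match the timeout-then-fallback pattern reported in the update.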
  • I finally fixed this issue by moving the NLS off the DA server and onto another internal IIS.

    Mike Pietrorazio

    Monday, February 26, 2018 2:33 PM