locked
IPV6 slowing things down RRS feed

  • Question

  • Our company uses Direct Access. For this IPV6 has to be enabled. Everything works fine for users in our main site who have local access to our servers. The problem is with users in remote offices who connect over an IPV4 VPN. Most of the problem is with Exchange connections. It seems that when they start Outlook, it tries to connect over IPV6, fails then tries IPV4. This causes a delay in Outlook connecting to Exchange. It also frequently disconnects or doesn't update mail from the server. If I add an IPV4 entry to the host file, everything works great, but this is not the best solution. Any ideas?
    Mike Pietrorazio
    Tuesday, November 29, 2011 12:09 PM

Answers

  • Hi,

    We can prefer ipv4 over ipv6:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters \
    •In the Edit menu, point to New, and then click DWORD (32-bit) Value.
    •Type DisabledComponents, and then press ENTER.
    •Double-click DisabledComponents.
    •Type 0x20 to prefer IPv4 over IPv6


    Ketan Thakkar | Microsoft Online Community Support
    Tuesday, December 13, 2011 2:20 PM
  • I ended up using Group Policy to have clients prefer IPV4 over IPV6. This seems to have worked.

     

    Reference

    http://www.expta.com/2009/02/how-to-configure-ipv6-using-group.html 


    Mike Pietrorazio
    Thursday, January 12, 2012 12:27 PM

All replies

  • Hi Mike,

     

    Thanks for posting here.

     

    > Most of the problem is with Exchange connections. It seems that when they start Outlook, it tries to connect over IPV6, fails then tries IPV4.

     

    May I know how do we set the DNS name resolution for clients at branch ? which DNS servers are these clients pointing and using now ? please show us the “ipconfig /all” results from affected clients and the results of command “ nslookup <exchange server> “ here.

     

    I suspect clients were first resolve and get the IPv6 address of the exchange server when attempted to access it. Can you confirm that ? or maybe we should set to use the DNS server which is same as what we set for clients at main office .

     

    Regards,

     

    Tiger Li

     

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact  tnmff@microsoft.com.

     


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Wednesday, November 30, 2011 5:20 AM
  • The clients at the branch office have a Read Only Domain Controller on site. This is where they get their DNS from. This DNS server replicates from our DNS server in the central office so it is populated with both the IPV4 and IPV6 addresses for the servers. It appears that Windows 7 users are trying the IPV6 address first but timing out as they can't access the server's IPV6 address over the IPV4 VPN. So I'm guessing they retry using IPV4 which would explain the delay.
    Mike Pietrorazio
    Wednesday, November 30, 2011 12:44 PM
  • Hi Mike,

     

    Thanks for update.

     

    So could you show us the results of command “nslookup <exchange server name>” form affected clients here ?Actually application will choose to use IPv6 to connect only if resolve and get IPv6 address form DNS server.  

    Meanwhile, we can also test by disabling IPv6 with following the procedures in the article below on these clients if still concern IPv6 will properly cause the delay :

     

    How to disable IP version 6 (IPv6) or its specific components in Windows 7, in Windows Vista, in Windows Server 2008 R2, and in Windows Server 2008

    http://support.microsoft.com/kb/929852

     

    Thanks.

     

    Tiger Li


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Thursday, December 1, 2011 2:52 AM
  • We cannot disable IPV6 as clients use Direct Access for VPN when not in the office. Below is the NSLOOKUP

    C:\Users\akadmin>nslookup server.company.com
    DNS request timed out.
        timeout was 2 seconds.
    Server:  UnKnown
    Address:  123.456.789.10 (external IP)

    Name:    serverm.farrel.com
    Addresses:  2002:ada6:4d62:1:0:5efe:192.168.1.5
              192.168.1.5


    Mike Pietrorazio
    Thursday, December 1, 2011 12:24 PM
  • Hi Mike,

     

    Thanks for update.

     

    > We cannot disable IPV6 as clients use Direct Access for VPN when not in the office

     

    This is for testing which will help us to determine if the IPv4 connection will be the root cause.

     

    > Server:  UnKnown

    >Address:  123.456.789.10 (external IP)

     

    Are clients still using an external DNS server when they at remote office which connects to main office via IPv4 VPN connection?

    I think the issue is not quite clean so far, if this issue only occurred when they were connect to exchange server by using Direct Access then performance of internet connectivity might be the root cause.   

     

    >Name:    serverm.farrel.com

     

    This seems is an external internet domain name or maybe we are using same name for internal or external domain ? are all clients connect to exchange server via this domain ? have also set the RPC over HTTP?

     

    “The DirectAccess client computer determines whether it is connected to the intranet. If it is, DirectAccess is not used. Otherwise, DirectAccess is used.”

     

    The DirectAccess Connection Process

    http://technet.microsoft.com/en-us/library/dd637792(WS.10).aspx

     

    Regards,

     

    Tiger Li

     

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact  tnmff@microsoft.com.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Friday, December 2, 2011 2:37 AM
  • No, that's not quite correct. Users at the remote site use a local DNS server that replicates IPV4 & IPV6 addresses from the central site. This is when they see the issue. When using Direct Access away from the the office, everything works fine because they are using IPV6 and connecting directly to the central site.
    Mike Pietrorazio
    Friday, December 2, 2011 12:38 PM
  • Hi,

    We can prefer ipv4 over ipv6:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters \
    •In the Edit menu, point to New, and then click DWORD (32-bit) Value.
    •Type DisabledComponents, and then press ENTER.
    •Double-click DisabledComponents.
    •Type 0x20 to prefer IPv4 over IPv6


    Ketan Thakkar | Microsoft Online Community Support
    Tuesday, December 13, 2011 2:20 PM
  • 1. Will that break Direct Access?

    2. I can also edit the host file and the IPV4. That might be better than editing the registry

    I'm just wondering what the prefered method for this kind of situation is.


    Mike Pietrorazio
    Tuesday, December 13, 2011 3:20 PM
  • This shouldn't breadk DA. DA is comopletely based on IPv6.

    We are just setting preference over IPv6 by 0x20 and not disabling IPv6


    Ketan Thakkar | Microsoft Online Community Support
    Thursday, December 15, 2011 9:15 AM
  • I ended up using Group Policy to have clients prefer IPV4 over IPV6. This seems to have worked.

     

    Reference

    http://www.expta.com/2009/02/how-to-configure-ipv6-using-group.html 


    Mike Pietrorazio
    Thursday, January 12, 2012 12:27 PM