none
DHCP Server on Windows 2008 R2 without IPV6 RRS feed

  • Question

  • Hello,

    I have Windows 2003 domain controllers hosting DHCP Servers in our Windows domain. I have installed Windows 2008 R2 as additional domain controller and I like to create a new DHCP scope in IPv4 format. Our network is not IPv6 ready and I prefer not to run services I don't use because of security concerns. I have read and heard mixed reactions from Microsoft community and Microsoft engineers about IPv6. Some say don't disable IPv6 on Windows 2008/ R2 as this could create issues for Microsoft latest releases like Exchange 2010, SQL 2008 R2 etc. I am not sure how this will be a problem if the infrastructure/ network doesn't support IPv6 protocol.

    1. What's Microsoft recommendation on IPv6 for environments that support IPv6? Disable if not using or keep it enabled (enabled by default)

    2. I am configuring DHCP on Windows 2008 R2 for IPv4. NIC on this server has IPv6 enabled but doesn't have a static address. Is it safe to uncheck IPv6 from NIC properties. I would assume Microsoft not recommending having this interface running with a dynamic address for IPV6 and static address for IPv4.

    To brief it, if I am not using IPv6 , can i disable it and will it cause any issues in future with products like Exchange 2010, SQL 2008 R2 etc.

    Thanks in advance

    Wednesday, August 18, 2010 6:24 PM

Answers

All replies

  • Hi,

    Thanks for the post.

    We recommends that you leave IPv6 enabled, even if you do not have an IPv6-enabled network, either native or tunneled. By leaving IPv6 enabled, you do not disable IPv6-only applications and services (for example, HomeGroup in Windows 7 and DirectAccess in Windows 7 and Windows Server 2008 R2 are IPv6-only) and your hosts can take advantage of IPv6-enhanced connectivity.

    For more informattion, please check the following article:

    http://technet.microsoft.com/en-us/magazine/2009.07.cableguy.aspx

    Here is another post regarding the same issue you could refer to:

    http://social.technet.microsoft.com/Forums/en-US/windowsserver2008r2networking/thread/d7bfc3f0-1ea7-43e9-aaae-7b1d5c0b5c51

    Hope this helps.

    Miles


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Thursday, August 19, 2010 8:42 AM
    Moderator
  • Thanks Miles for your post.

    This brings up another question. Is it recommended to leave IPv6 enabled with dynamic address on a Server installation?For example, in my case I configured a Windows 2008 R2 Server as additional domain controller. This server will act as an internal DNS Server (AD integrated) and DHCP Server. So how could leaving IPv6 enabled with dynamic address a best practice? Also, during DHCP installation a window pops up with warning saying " A dynamic address for IPv6 detected, please use a static address" which is what I would expect for Servers. I am not worried about desktop part, this could be left enabled but on Server side is it a big security hole to leave it enabled?

    Is there a Microsoft KB article where Microsoft express their recommendation for an environment with no IPv6 SUPPORT?

     

    Thanks in advance

    Friday, August 20, 2010 1:42 AM
  • My apologies Miles, I saw Microsoft's recommendation from the link you included in the post.

     

    To be specific, if I leave IPv6 enabled on the Server, while configuring DHCP it adds a IPv6 Scope. So it will be

    DHCP Server Name

          | IPv4  (Scope will be configured here)

          | IPv6 (No scope configured, but appear with a GREEN check mark)

    Can I assume this to be safe or what is MSFT recommendation?

    Thanks in advance

    Friday, August 20, 2010 1:52 AM
  • Hi,

    Thanks for the update.

    It will be safe if we don't add a IPv6 scope for the DHCP server.

    Thanks,

    Miles


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Friday, August 20, 2010 3:43 AM
    Moderator
  • This is all well and fine, however, MOM reports an error when DHCP IPv6 is on with no scope set:

    One or more DHCPv6 Server service components failed to initialize properly

    Alerts pertaining to the IPv6 Runtime state of Microsoft Windows 2008 - DHCPv6 Server.The Dynamic Host Configuration Protocol version 6 (DHCPv6) Server service is a process that runs in the background on a computer running Windows Server and that provides Internet Protocol version 6 (IPv6) addresses to clients. Dynamic Host Configuration Protocol (DHCP) can lease both Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6) addresses. If IPv6 is not available, the DHCP service uses IPv4 only.

    Guess I'm going to have to set an exception....

    Friday, September 27, 2013 10:34 AM
  • It is now 8 years later, and things are worse than ever.  If you leave IPv6 enabled on a network that is NOT CORRECTLY AND FULLY CONFIGURED for it, you WILL experience strange failures even when only accessing external web sites via a browser.  Until Microsoft has a fix for this, DISABLE IPv6 across the board, if you are not specifically using it.  And if you are, you must fully commit to using it, and configuring it correctly, on ALL machines.
    Tuesday, May 1, 2018 8:32 PM