Want to force replication on IPv4

  • Question

  • Hi, I have just started working on AD and I am trying to build two sites (A and B). Both sites have a fully functional network on both IPv4 and IPv6, i.e. clients can and will use either IPv4 or IPv6 to reach out to DCs. The root DC is present in site A, but there is no IPv6 connectivity between sites. When I try to build a new DC (tree domain) in site B, promotion to DC fails. I looked at the DCPROMO logs and found that the new DC is not able to reach the root DC in site A (RPC calls are failing). In the Wireshark trace, I observed that the new DC is trying to connect to the root DC on IPv6, but as IPv6 WAN connectivity is not available, this is failing.

    So is there any way to force AD to use IPv4 to communicate with other DCs while, at the same time, supporting IPv6 for clients in the same site? I tried disabling the IPv6 stack on the new DC, and with this, promotion is successful (all the communication happened on IPv4). But once I enable IPv6, replication is failing.

    Thanks in advance

     

    Friday, June 26, 2020 4:26 PM

All replies

  • Hello Rohith,

    Are the two sites on separate WANs behind firewalls? In order to join them, you would need to establish a VPN connection between them. AD DS requires LDAP, SMB, Kerberos, DNS and other ports that would be dangerous to open over a WAN unless you have a VPN tunnel.


    Miguel Fra
    Falcon IT Services
    https://www.falconitservices.com

     

    Friday, June 26, 2020 6:45 PM
  • Thanks for the answer.

    I tried setting "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents" to 0x20 (32) to prioritise IPv4 over IPv6, but replication is still always tried on v6.

    Saturday, June 27, 2020 3:35 PM
  • Thanks for the answer. 

    Let's say the root DC name is DC1 (SiteA) and the new DC is DC2 (SiteB). You mean I have to have a tunnel between DC1 and DC2?

    My requirement is not for production networks. We are trying to experiment with a few things in our R&D labs. Let's say Site1 is in Lab1 and Site2 is in Lab2, and our IT has already provided secure IPv4 connectivity between these labs (probably some sort of secure tunnel). So all the traffic which is coming out of Lab1 and destined to Lab2 is encrypted. So in this way, replication is working when I disable IPv6 on DC2. All I have to do is make DC2 use IPv4 for replication when IPv6 is enabled.

    Saturday, June 27, 2020 3:48 PM
  • Thanks for the answer. 

    Let's say the root DC name is DC1 (SiteA) and the new DC is DC2 (SiteB). You mean I have to have a tunnel between DC1 and DC2?

    Hello Rohith, If this is just a lab and you have routing between two subnets then you don't need VPN. I thought you were referring to two physical sites located in separate locations.

    Make sure IPv6 can resolve to the correct server: ping DCNAME -6 and check if it resolves correctly.


    Miguel Fra
    Falcon IT Services
    https://www.falconitservices.com

     

    Saturday, June 27, 2020 4:13 PM
  • Hi Miguel,

    Thanks. 

    Problem is we don't have IPv6 connectivity between labs. Inside the labs, we have complete v4/v6 connectivity. So clients in Lab1 can connect to the root DC on both v4 and v6, and clients in Lab2 can connect to DC2 on both v4 and v6.

    Problem is the connectivity between root DC (DC1) and DC2. Since they are in different labs, they cannot connect over IPv6. This is where replication is failing.

    -Rohith

    Saturday, June 27, 2020 4:21 PM
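
An added diagnostic example, not part of any poster's reply: run on the new DC, it tests the RPC endpoint mapper (TCP 135) on each address the peer DC resolves to, so IPv4 and IPv6 paths are judged separately, then shows the `DisabledComponents` value and the prefix policy table discussed in the thread. The name `dc1.example.test` is a placeholder assumption; pass the real root DC name.

```powershell
# Added example: $PeerDc is a placeholder, not a name from the thread.
param(
    [string]$PeerDc = 'dc1.example.test',
    [int]$Port = 135   # RPC endpoint mapper, first contact for DC-to-DC RPC
)

# Every address the local resolver returns for the peer, IPv4 and IPv6 alike.
$addresses = [System.Net.Dns]::GetHostAddresses($PeerDc)

# Test TCP reachability per address so each family gets its own verdict.
$results = foreach ($ip in $addresses) {
    $isV6 = $ip.AddressFamily -eq [System.Net.Sockets.AddressFamily]::InterNetworkV6
    $family = if ($isV6) { 'IPv6' } else { 'IPv4' }
    $probe = Test-NetConnection -ComputerName $ip.IPAddressToString -Port $Port `
                                -WarningAction SilentlyContinue
    [pscustomobject]@{
        Address   = $ip.IPAddressToString
        Family    = $family
        Reachable = $probe.TcpTestSucceeded
    }
}
$results | Format-Table -AutoSize | Out-Host

# Registry value from the thread; bit 0x20 asks Windows to prefer IPv4 over IPv6.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
$value = (Get-ItemProperty -Path $key -Name DisabledComponents `
                           -ErrorAction SilentlyContinue).DisabledComponents
if ($null -eq $value) {
    Write-Host 'DisabledComponents: not set'
} else {
    Write-Host ('DisabledComponents: 0x{0:X}, prefer-IPv4 bit set: {1}' -f `
                $value, [bool]($value -band 0x20))
}

# Effective address-selection table; highest precedence is tried first.
Get-NetPrefixPolicy | Sort-Object Precedence -Descending |
    Format-Table Prefix, Precedence, Label -AutoSize | Out-Host

# The condition described in the thread: AAAA records exist but the IPv6 path is dead.
$v6Dead = $results | Where-Object { $_.Family -eq 'IPv6' -and -not $_.Reachable }
$v4Ok   = $results | Where-Object { $_.Family -eq 'IPv4' -and $_.Reachable }
if ($v6Dead -and $v4Ok) {
    Write-Warning "$PeerDc resolves to IPv6 addresses that are unreachable on TCP $Port, while IPv4 works."
}
```
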
  • Hi again,

    Did you restart the servers after you made the edit to prioritize IPv4? Sometimes you need a good old restart to load new registry policies and have them take effect.


    Miguel Fra
    Falcon IT Services
    https://www.falconitservices.com

     

    Saturday, June 27, 2020 9:11 PM
  • Hi Miguel,

    Yes. I did reboot the DC. Still I see that replication is tried over IPv4.

    -Rohith

    Sunday, June 28, 2020 8:10 AM
  • Hi,

    Thank you for posting in our forum.

    The link in the article is for your reference:

    https://social.technet.microsoft.com/Forums/windows/en-US/4736f04b-98fb-4b0a-8fcf-85c283568b5d/ad-replication-on-specific-ip-address?forum=winserverDS

    Hope this information can help you.

    Best wishes
    Vicky


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, June 29, 2020 9:07 AM
  • Hi,

     

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

     

    Best Regards,

    Vicky



    • Proposed as answer by Miguel Fra Thursday, July 2, 2020 10:41 PM
    Wednesday, July 1, 2020 9:09 AM
  • Thanks Vicky for the reply.

    The article you provided has a lot of good info about multihomed DCs. 

    I solved my issue by creating an IPv4 GRE tunnel to carry IPv6 traffic between Lab1 and Lab2. Not a good way to fix this, but it solved my issue.

    -Rohith

    • Proposed as answer by Miguel Fra Thursday, July 2, 2020 10:41 PM
    Thursday, July 2, 2020 10:31 AM
  •  Not a good way to fix this but solved my issue.

    -Rohith

    yet very clever!

    Miguel Fra
    Falcon IT Services
    https://www.falconitservices.com

     

    Thursday, July 2, 2020 10:41 PM