<

Disabling IPv6 on Servers/Workstations using Group Policy Preferences.

Published on
22,422 Points
15,922 Views
Last Modified:
Approved
I am sure this will help administrator who wants to disable IPv6 in Servers/Workstations. But before you start make very sure that is what you really need to do. It might create other problems for you, but it did solve our specific problem.

The Problem we had :

We have some Lotus Notes email servers (Around 30 Servers) , which were causing slow down in sending and receiving emails and were not able to reply to the frequent ping.

We started investigating the issue and found that it is due to IPv6 registration in DNS server.

All Lotus Notes servers were registering both IPv4 and IPv6 .

Next task which we encoutered was how to disable the IPv6 on all the Lotus Notes servers. So we started digging how we can fullfill this task.

The Fix we found :

We needed to make use of Group policy preference ( Available in windows server 2008 or later). Below are the steps that worked for us.

1.Create a GPO and Link it to the appropriate OU ( I am linking it to domain level).

  Create a GPO and Link it to the appropriate OU

2. Name the GPO as per your Naming methodology.

Name the GPO as per your Naming methodology
3.Right Click on the GPO Object and click on Edit

Fill in the infomation as shown below
4. Navigate to Computer Configurations----->Preferences------->windows settings------>Registry----->New------>Registry Item

 Navigate
5. Fill in the infomation as shown below ,

infomation
6.Once this is done , you will be having a new Registry entry in Create for the GPO.
 
  Registry entry
7. Wait for replication to happen , One can test this by going to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters  path on a Server/Workstations . There should be an entry with DisabledCompnonets with the Value 0xffffffff. By doing this there is no need to creating a manual entry of disabledComponents in above path , GPO will take care of this entry creation.

DNS server will take time to replicate the changes to all the DNS server (I am assuming all the DNS servers are AD Integrated).

 I have implemented this at our site for lotus notes and it works like a charm. Hope this information will help you if you have similar problems.

Please Note Microsoft does not recommend disabling IPv6, so please double check before you begin. Please see : http://support.microsoft.com/kb/929852 and for further reading please see the IPv6 site on Microsoft : http://technet.microsoft.com/en-us/network/bb530961.aspx

Thanks,

_Prashant_
0
Comment
1 Comment
 
LVL 1

Expert Comment

by:dinoos
Always keep in mind protocol ipv6
Open to unicast attack !!
As much as possible not to use it
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Join & Write a Comment

This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month