Solved

how to force ipv4 precedence in server 2008

Posted on 2011-03-01
6
2,811 Views
Last Modified: 2012-08-13
We are using MS System Center Virtual Machine Manager to centralize management of Hyper-V installations.  One of our Hyper-V customers enabled IPv6 on their server for their own purposes or experimentation.  Our VMM server lost connectivity to it because it is pulling the AAAA record, and some of our internal routers/switches do not support IPv6 yet.  We need to force the VMM to give IPv4 precedence.  How can we do that?
0
Comment
Question by:Steve Bink
  • 3
  • 3
6 Comments
 
LVL 19

Accepted Solution

by:
bevhost earned 300 total points
Comment Utility
Look at

netsh int ipv6 int show/set prefixpolicy

similar to gai.conf under linux as per RFC 3484
0
 
LVL 50

Assisted Solution

by:Steve Bink
Steve Bink earned 0 total points
Comment Utility
While the solution certainly does appear to work as advertised, we ended up disabling IPv6 on the SCVMM machine.  The powers-that-be did want to mess with configuration through netsh.

There is also another solution I found from Microsoft, which appears to be a little easier to implement:

http://support.microsoft.com/kb/929852

0
 
LVL 19

Expert Comment

by:bevhost
Comment Utility
Well that's fair enough if you have no need for IPv6 but I recommend strongly against it.
You could end up having to disable IPv6 on all your servers.
That could create a real mess when you eventually have to turn it back on one day in the furture.

In particular, any Win7 or Vista machine which doesn't also have IPv6 disabled that finds a DNS entry pointing to the (disabled) Ipv6 interface of your server will have problems.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 50

Author Comment

by:Steve Bink
Comment Utility
>>> [ ... ] I recommend strongly against it.

So do I.  I'm very much in favor of maintaining a functional IPv6 environment.  I believe it is coming up sooner than we think.  Unfortunately, our network admin is resistant (he believes it will not happen for the next 100 years..?!) and management is unwilling to push the issue.

Luckily, it is only this one particular customer that is playing with IPv6, and it only happens to interfere with this one server because of the Hyper-V involvement.  The "fix" should be adequate for now.

What are your thoughts on the alternative solution from Microsoft?  Have you played with precedence using that method?
0
 
LVL 19

Expert Comment

by:bevhost
Comment Utility
>> Have you played with precedence using that method?

I have, but only on linux servers.
Apparently this also requires adjustment on MAC OSX for proper operation.

When microsoft wrote the RFC, they assumed that any PC using private IP address would not have global access.
This is most offten incorrect, and so microsoft ignore their own RFC. MAC OSX and some most linux distros still follow the RFC, so have to be tweaked so that a private IPv4 machine when trying to talk to a server with a public ipv4 address wont prefer IPv6 tunnel mechanisims.

I always change my LAN address to have global precedence, if it has access to the internet.
0
 
LVL 50

Author Closing Comment

by:Steve Bink
Comment Utility
A different solution was implemented, and an easier solution was available.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Suggested Solutions

I've written instructions for one router type, but this principle may be useful for others of the same brand and even other brands of router. Problem: I had an issue especially with mobile devices that refused to use DNS information supplied via…
Resolve DNS query failed errors for Exchange
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now