IPV6 slowing things down
Our company uses Direct Access. For this IPV6 has to be enabled. Everything works fine for users in our main site who have local access to our servers. The problem is with users in remote offices who connect over an IPV4 VPN. Most of the problem is with
Exchange connections. It seems that when they start Outlook, it tries to connect over IPV6, fails then tries IPV4. This causes a delay in Outlook connecting to Exchange. It also frequently disconnects or doesn't update mail from the server. If I add an IPV4
entry to the host file, everything works great, but this is not the best solution. Any ideas?Mike Pietrorazio
November 29th, 2011 7:38am
Hi Mike,
Thanks for posting here.
>
Most of the problem is with Exchange connections. It seems that when they start Outlook, it tries to connect over IPV6, fails then tries IPV4.
May I know how do we set the DNS name resolution for clients at branch ? which DNS servers are these clients pointing and using now ? please show us the “ipconfig
/all” results from affected clients and the results of command “ nslookup <exchange server> “ here.
I suspect clients were first resolve and get the IPv6 address of the exchange server when attempted to access it. Can you confirm that ? or maybe we should set to
use the DNS server which is same as what we set for clients at main office .
Regards,
Tiger Li
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact
tnmff@microsoft.com.
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
November 30th, 2011 12:48am
The clients at the branch office have a Read Only Domain Controller on site. This is where they get their DNS from. This DNS server replicates from our DNS server in the central office so it is populated with both the IPV4 and IPV6 addresses for the servers.
It appears that Windows 7 users are trying the IPV6 address first but timing out as they can't access the server's IPV6 address over the IPV4 VPN. So I'm guessing they retry using IPV4 which would explain the delay.Mike Pietrorazio
November 30th, 2011 8:10am
Hi Mike,
Thanks for update.
So could you show us the results of command “nslookup <exchange server name>” form affected clients here ?Actually application will choose to use
IPv6 to connect only if resolve and get IPv6 address form DNS server.
Meanwhile, we can also test by disabling IPv6 with following the procedures in the article below on these clients if still concern IPv6 will properly cause the delay
:
How to disable IP version 6 (IPv6) or its specific components in Windows 7, in Windows Vista, in Windows Server 2008 R2, and in Windows Server 2008
http://support.microsoft.com/kb/929852
Thanks.
Tiger LiPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
November 30th, 2011 10:18pm
We cannot disable IPV6 as clients use Direct Access for VPN when not in the office. Below is the NSLOOKUP
C:\Users\akadmin>nslookup server.company.com
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 123.456.789.10 (external IP)
Name: serverm.farrel.com
Addresses: 2002:ada6:4d62:1:0:5efe:192.168.1.5
192.168.1.5Mike Pietrorazio
December 2nd, 2011 7:50am
No, that's not quite correct. Users at the remote site use a local DNS server that replicates IPV4 & IPV6 addresses from the central site. This is when they see the issue. When using Direct Access away from the the office, everything works fine
because they are using IPV6 and connecting directly to the central site.Mike Pietrorazio
Free Windows Admin Tool Kit Click here and download it now
December 2nd, 2011 8:04am
Hi Mike,
Thanks for update.
>
We cannot disable IPV6 as clients use Direct Access for VPN when not in the office
This is for testing which will help us to determine if the IPv4 connection will be the root cause.
>
Server:
UnKnown
>Address:
123.456.789.10 (external IP)
Are clients still using an external DNS server when they at remote office which connects to main office via IPv4 VPN connection?
I think the issue is not quite clean so far, if this issue only occurred when they were connect to exchange server by using Direct Access then performance of internet
connectivity might be the root cause.
>Name:
serverm.farrel.com
This seems is an external internet domain name or maybe we are using same name for internal or external domain ? are all clients connect to exchange server via this
domain ? have also set the RPC over HTTP?
“The DirectAccess client computer determines whether it is connected to the intranet. If it is, DirectAccess is not used. Otherwise, DirectAccess
is used.”
The DirectAccess Connection Process
http://technet.microsoft.com/en-us/library/dd637792(WS.10).aspx
Regards,
Tiger Li
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact
tnmff@microsoft.com.Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
December 2nd, 2011 10:03pm
Hi,
We can prefer ipv4 over ipv6:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters \
•In the Edit menu, point to New, and then click DWORD (32-bit) Value.
•Type DisabledComponents, and then press ENTER.
•Double-click DisabledComponents.
•Type 0x20 to prefer IPv4 over IPv6Ketan Thakkar | Microsoft Online Community Support
Free Windows Admin Tool Kit Click here and download it now
December 13th, 2011 5:20pm
Hi,
We can prefer ipv4 over ipv6:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters \
•In the Edit menu, point to New, and then click DWORD (32-bit) Value.
•Type DisabledComponents, and then press ENTER.
•Double-click DisabledComponents.
•Type 0x20 to prefer IPv4 over IPv6Ketan Thakkar | Microsoft Online Community Support
December 14th, 2011 9:35am
1. Will that break Direct Access?
2. I can also edit the host file and the IPV4. That might be better than editing the registry
I'm just wondering what the prefered method for this kind of situation is.Mike Pietrorazio
Free Windows Admin Tool Kit Click here and download it now
December 14th, 2011 10:35am
This shouldn't breadk DA. DA is comopletely based on IPv6.
We are just setting preference over IPv6 by 0x20 and not disabling IPv6Ketan Thakkar | Microsoft Online Community Support
December 15th, 2011 4:30am
I ended up using Group Policy to have clients prefer IPV4 over IPV6. This seems to have worked.
Reference
http://www.expta.com/2009/02/how-to-configure-ipv6-using-group.html Mike Pietrorazio
Free Windows Admin Tool Kit Click here and download it now
February 4th, 2012 7:39am