Question-I've been watching this thread, and honestly haven't read up on the IPv6 stuff lately (although we're getting there eventually). In our environment, we've disabled IPv6 on every WS08+ server by importing the reg value:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters] "DisabledComponents"=dword:ffffffff And then also unchecking the box by IPv6 (probably not necessary to do both) and the LLMNR boxes, probably similar to what Chris is doing. So far, we've not run into support issues (had it come up once on a PSS call, but it wasn't a problem), but it is always a concern. So, is there a difference when it comes to support between just unchecking the box for IPv6 and disabling it altogether via regedit, or do they both create "issues"? I'll follow up with some of the links posted, and I don't mind changing what we've been doing if it means the difference in support, but not for no reason. I'm not the network person here, so hopefully the following makes sense, but early on, we had found that leaving IPv6 enabled on servers (DCs specifically) was causing some lookup problems from Vista/7 clients. The servers would register A and AAAA records, and the client machines would try to communicate via IPv6 at times, but our network infrastructure is not yet set up to route it successfully, so failures happen. -Bonnie From: Free, Bob [mailto:[email protected]] Sent: Tuesday, February 08, 2011 4:12 PM To: NT System Admin Issues Subject: RE: IPv6 question > I would say that you put yourself, at best, in a supportability grey area. We were basically told that but in a little, well actually, a lot stronger terms a little over a year ago by a PFE. He said not to even consider doing it. We were specifically discussing DCs but he said we would basically be in an unsupported configuration. A number of articles have been published since that echo that sentiment From: Michael B. Smith [mailto:[email protected]] Sent: Tuesday, February 08, 2011 1:58 PM To: NT System Admin Issues Subject: RE: IPv6 question None of these are true: * Conservation of system resources (CPU, memory) * Smaller footprint, smaller code base, etc.... * Newer code, more likely to be exploited in the near future The IP stack was COMPLETELY re-implemented in Vista/2008. IPv4 as well as IPv6. They are integrated. Finally, no testing is done by any engineering group with IPv6 disabled. I would say that you put yourself, at best, in a supportability grey area. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Christopher Bodnar [mailto:[email protected]] Sent: Tuesday, February 08, 2011 4:51 PM To: NT System Admin Issues Subject: IPv6 question While the discussion of IPv6 is in play..... Just wanted to put this out there to start a discussion. see what others are doing ,and get some feedback: When we initially configured our "Gold build" for Windows Server 2008, the decision was made to disable the following on all network adapters: * Disable IPv6 * Disable Link-Layer Topology Discovery Mapper I/O Driver * Disable Link-Layer Topology Discovery Responder Justifications for this were: * Fewer protocols on the network reduce network traffic * Conservation of system resources (CPU, memory) * Smaller footprint, smaller code base, etc.... * Newer code, more likely to be exploited in the near future * No current plans to use IPv6 internally in the near future * No Exchange in our environment (Notes shop) * No MS Outlook in our environment (Notes shop) So far we have had no issues at all with this decision. As we go further along in our migration to the a new 2008 R2 domain which is Windows Sever 2008 R2 FFL, I wanted to make sure that this is still valid, and that we won't run into any issues. I've been looking at the following articles: http://blogs.technet.com/b/netro/archive/2010/11/24/arguments-against-disabling-ipv6.aspx http://searchnetworking.techtarget.com.au/tips/21232-Disabling-IPv6-in-Windows-Vista-Pros-and-cons http://technet.microsoft.com/en-us/library/bb457011.aspx All comments and opinions welcome. Thanks, Chris Bodnar, MCSE Technical Support III Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: [email protected]<mailto:[email protected]> Phone: 610-807-6459 Fax: 610-807-6003 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
