Tuesday, July 14, 2009

How to Disable IPv6 in Windows 2008 Full and Core editions

IPv6 is by default enabled in Windows Vista and Windows 2008. Many people argue that they’re having issues because they’re not using it and some apps may fail to work correctly due the fact of miss IPv6 configuration address or because the Apps don't understand IPv6. Before disabling IPv6 be aware that some new features on windows will require IPv6 to work, so be aware of that before starting to make changes to your servers or workstations.

So how to disable IPv6?
Simple, first disable IPv6 under your NIC properties (if you've multiple interfaces do it for each one)


To completely disable IPv6 go to the following registry (Remember to ALWAYS backup the registry keys that you're changing before changing the):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpip6\Parameters\

Create the following registry value (DWORD type): DisabledComponents

Note that “DisabledComponents” is case sensitive and should be typed exactly like that.
DisabledComponents is set to 0 by default. To disable IPv6 support on all interfaces, set the value to FFFFFFFF. The registry entry will look like below:


Restart the computer for the changes to the DisabledComponents registry value to take effect.
DONE!!!!

Okay, fine, but... and if I have a Windows Core version?!!!!

In Windows core edition we don’t have GUI to disable the IPv6 under NIC properties, so option is to directly edit the registry.

To start lets try to disable IPv6 only in one adapter as if we were in a FULL installation mode :)
First let's identify the adapter to be disabled, to do that type:

WMIC NICCONFIG WHERE IPENABLED=TRUE GET Description,SettingID,IPADDRESS /FORMAT:LIST

Identify the NICs that you want to disable IPv6.

In this scenario I want to disable the interface that has the ipv4 "1.1.1.3" and IPv6 "fe80::9d2d:fc06:8abd:44ef"

The interface SettingID is "{93145725-C49B-4A42-87F0-415B6335D211}"
(Remember, always backup your registry before making any changes).

Then type regedit to open registry editor and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Linkage
Open the “Bind”, “Export” and “Route” String Values and remove the Adapter SettingID that corresponds to the listed NIC that you want to unbind IPv6.

(in this scenario is the Adapter ID {93145725-C49B-4A42-87F0-415B6335D211})


Then navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}
Now you need to identify where youre NIC is at... To do that select the subkeys "0000", "0001", "0002" and so on untill you get desired NIC, to identify the NIC, you need to know the Description and SettingID that we get from WMIC cmd, then compare the values, if they match you're on the right place. In this scenario the Description is "HP NC364T PCIe Quad Port Gigabit Server Adapter" and the SettingID is "93145725-C49B-4A42-87F0-415B6335D211"

As you see the correspondent value is "0005"


The next Step is to unbind the Tcpip6 from the adapter, to do that open the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\xxxx\Linkage\UpperBind key and remove the entry for Tcpip6.


After the change:


Reboot the server.
After the reboot, type from cmdline:
WMIC NICCONFIG WHERE IPENABLED=TRUE GET Description,SettingID,IPADDRESS /FORMAT:LIST
Now, as you can see you no longer have the IPv6 bound the that adapter.

DONE!!!!

Q&A
Q: And if I want to do this for more adapters?
A: Repeat the same process for each adapter that you want to disable IPv6.

Q: Can I use the “DisabledComponents” reg key as I did in Windows FULL edition?
A: Yes you can. In that Scenario you need to remove all the values from “Bind”, “Export” and “Route” that are under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Linkage, then, configure the “DisabledComponents” reg key as you did in Windows FULL edition under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpip6\Parameters\ .
(No need to disable Tcpip6 under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\xxxx\Linkage\UpperBind )
You must restart the computer for the changes to the DisabledComponents registry value to take effect.

Q: Do you know any issue when using "DisabledComponents" in Windows Core?
A: Yes. after you configure the DisabledComponents in windows Core and reboot, if you use Computer Management to remotely connect to that server Core you may see a warning for the 6TO4 Adapter - "This device cannot start. (Code 10)".


To solve this problem you need to disable the 6TO4 adapter (since that you're not using it) using the Netsh cmdline:
IMPORTANT:
You must do this before you configure the DisabledComponents reg key!!!
The correct order is:

- Clear the DisabledComponents reg key (if it is configured).
- Reboot the server.
- From cmdline type: <netsh in 6to4 set state disable>


- Configure the DisabledComponents reg key
- Reboot the server.
- Use the Computermanagement to remotely connect to the server core and confirm that everything is ok now.


IF this doesn't solve your problem you've another option:
(Warning: the next procedure is to uninstall the 6TO4 adapter from your system, you may have problems by doing that, and I rather disable than removing it, proceed at your own risk)

Okay let's assume that the previous procedure didn't solved the 6TO4 adapter warning, the additional option is to uninstall it from the system.

- In Windows 2008 FULL edition, you need to open the device manager, then right click in the adapter and choose the option "uninstall". Then reboot the server and the error should be fixed.

- How do I uninstall this device in Windows Core Edition? Simple, from command line type:
netcfg -u *6to4mp
Then reboot the server and the error should be fixed.

Q: After I fix the 6TO4 adapter warning, I decided that I want that adapter back but I can't ...
A: You need to remove the setting for "DisabledComponents" and remove all the values from “Bind”, “Export” and “Route” that are under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Linkage
Then
If you disabled the adapter: you need to enable it again using the following cmd:
Netsh i 6TO4 set state enable, after that Reboot the server

If you uninstalled the adapter: Just reboot the server.

As final note, you may want to reconfigure your Hosts File and disable the Localhost for IPv6 by placing a "#" before ::1 Localhost, then save the file...


Additional Information:
From: http://technet.microsoft.com/en-us/library/bb878057.aspx
The DisabledComponents registry value is a bit mask that controls the following series of flags, starting with the low order bit (Bit 0):

Bit 0 Set to 1 to disable all IPv6 tunnel interfaces, including ISATAP, 6to4, and Teredo tunnels. Default value is 0.
Bit 1 Set to 1 to disable all 6to4-based interfaces. Default value is 0.
Bit 2 Set to 1 to disable all ISATAP-based interfaces. Default value is 0.
Bit 3 Set to 1 to disable all Teredo-based interfaces. Default value is 0.
Bit 4 Set to 1 to disable IPv6 over all non-tunnel interfaces, including LAN interfaces and Point-to-Point Protocol (PPP)-based interfaces. Default value is 0.
Bit 5 Set to 1 to modify the default prefix policy table to prefer IPv4 to IPv6 when attempting connections. Default value is 0.

To determine the value of DisabledComponents for a specific set of bits, construct a binary number consisting of the bits and their values in their correct position and convert the resulting number to hexadecimal. For example, if you want to disable 6to4 interfaces, disable Teredo interfaces, and prefer IPv4 to IPv6, you would construct the following binary number: 101010. When converted to hexadecimal, the value of DisabledComponents is 0x2A.

The following table lists some common configuration combinations and the corresponding value of DisabledComponents.

Configuration DisabledComponents value
Disable all tunnel interfaces 0x1
Disable 6to4 0x2
Disable ISATAP 0x4
Disable Teredo 0x8
Disable Teredo and 6to4 0xA
Disable all LAN and PPP interfaces 0x10
Disable all LAN, PPP, and tunnel interfaces 0x11
Prefer IPv4 over IPv6 0x20
Disable IPv6 over all interfaces and prefer IPv4 to IPv6 0xFF

Have Fun :P

1 comment:

  1. Excellent !!! This surely goes into my bookmarks section !!! Keep up the good work !!! Good luck !!! :)

    ReplyDelete