On the Edge of the Network

Single post

Server 2003 Domain Issues and DNS Address Interference

Recently, I had to perform some repair work on a Windows Server 2003-based domain network, managing around 25 Windows 7 and 3 Vista computers. The client reported that they were having some intermittent issues with the domain, as they were having troubles with mapped network drives being inaccessible and that they could no longer join workstations to the network.

This network had two Windows Server 2003-based servers acting as domain controllers and a server running Windows Home Server.

Being a small company with a limited budget, they were using a consumer Netgear WDNR3700-100NAS Wireless N router as their main DHCP server and wireless access point. While troubleshooting, I discovered that the both IPv4 and IPv6 addresses were being served from the WDNR3700-100NAS to all computers. Normally, this usually wouldn’t be an issue with a standard DHCP server, but apparently with DCHP being handled by a consumer router, along with being setup as a IPv4-only network, this caused some issues with the domain. Upon further research, CenturyLink recently began issuing IPv6 addresses to all of it’s costumers, in preparation for the World IPv6 Launch Day. When this company began receiving an IPv6 address, the Netgear WDNR3700-100NAS router that they were using began issuing IPv6 addresses; apparently, the WDNR3700-100NAS automatically enables DHCP IPv6 addressing on the local network when it detects that it’s receiving an IPv6 address from it’s uplink port.

By default, both Windows 7 and Windows Vista prefer IPv6 over IPv4 addresses. As a result, the Windows 7 and Vista computers used them as their primary IP address, along with the IPv6 DNS address, bypassing IPv4 completely. Their DNS addresses were set to the IPv4 address of the Server 2003 domain controllers and not IPv6 addresses, as the domain controllers were not assigned static IPv6 addresses to begin with. With the IPv6 over 4 preference, this was the cause of the domain issues.

As the company wanted to resolve their connection issues as quickly as possible, I temporarily disabled IPv6 DHCP addressing on the WDNR3700-100NAS, which restored the domain connectivity for the computers on the network (as they were using only the IPv4 addresses). I then deployed the “Prefer IPv4 Over IPv6 Microsoft Hot Fix” to all the computers via group policy, so that they would use the assigned IPv4 addresses over IPv6 addresses. I also assigned static IPv6 addresses to the domain controllers. After deployment of the hotfix was complete, I re-enabled IPv6 addressing, as it would be a generally bad idea to leave it off when the Internet is in the process of a full-scale transition to IPv6. I also suggested that they utilize a real DHCP server, rather than a consumer router.

If you find that you are having domain connection issues and your network is setup for IPv4 addressing only, make sure that there isn’t a rogue DHCP server addressing IPv6 addresses!

Write a Comment