Disable IPv6 On Windows Server 2008

disable ipv6Ran into a non-obvious problem the other day on our Windows Server 2008 boxes. I thought we could disable IPv6 by simply un-checking the IPv6 adapter checkbox. This apparently isn’t true. Within my DNS, WINS and WSUS servers, the Windows 2008 boxes were still registering using the IPv6 address instead of the IPv4 address, which was causing a few problems.

Some of those problems had to do with name resolution errors. As an example, some of the servers were not receiving the group policy updates. We were also getting TCP IP Helper errors in the event logs. Furthermore, the forward and reverse lookups were defaulting to the IPv6 address rather than the IPv4 address which caused issues with some of the proprietary software we have running on out systems.

The other reason we had to disable IPv6 has to do with the DoD STIG requirements. Most people have no idea what these are, but STIGs are the guidelines classified systems must adhere to in order to get accredited, and thus approved to operate. Unless all our systems, and all equipment on the network is using IPv6, we have to turn it off.

Fortunately, the fix isn’t that difficult and only requires one change. You simply add a registry key to disable the service, the reboot the server.

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents
DWORD: ffffffff

Once IPv6 was disabled, I had to manually clean-up the entries erroneous entries in the DNS server. This resolved some of the strange issues we were encountering with the Windows 2008 severs and the applications starting working again.

As a side note, In Windows 2012, you don’t want to use “ffffffff”. You only want to use “ff”. Using the latter can delay boot times by about 5 seconds.

Leave a Comment