IPv6 ... it's here to stay, and if you want to use Exchange, you better get used to it

I was speaking with a colleague from a previous job, and they were testing out Exchange 2013 in their lab environment, and were not having much success with even getting it installed. Being the curious cat that I am, I thought I'd help them out.

Long story short: don't uncheck IPv6 on the server that is running Exchange 2013. You will have problems. Microsoft themselves say that they neither test nor support a configuration in which IPv6 is disabled in the NIC properties.

The problem at the moment is that not many ISPs are IPv6 compliant, and not many organizations have the resources or time to properly implement IPv6 services on their network. As in my colleague's case, IPv6 is enabled by default in current versions of Windows, but without IPv6 DHCP or auto configuration, the address that gets assigned is not always very useful, and can cause communications issues by itself. Even worse, most Windows Servers will try to register that IPv6 address within DNS as an AAAA record.

As a result, let's say that theoretically you have a single exchange server (exmbx01 on Server 2008 R2), a single domain controller that also runs DNS and DHCP (IPv4) (dc01 also on 2008 R2), and your client workstation (desktop01 running Windows 7). You try to ping exmbx01 from your workstation, and more than likely, you will be pinging an IPv6 address that starts with fe80, and your pings will fail. This happens because most likely your Exchange server registered its IPv6 address in DNS, and all Windows clients that are Windows 7 or Windows 8 will try to fetch an AAAA record first. In some cases, it might still work, but what if your Exchange server and client are separated by a site-to-site VPN or MPLS that is tunneling IPv4 traffic?

A lot of times, lazy admins will simply disable IPv6 on the servers, pat themselves on the back, and call it a day because everything seems to be working.

Enter Exchange Server 2013, the latest and greatest. While the above "solution" will basically work for the majority of organizations, it's not supported at all in the latest revision of Exchange Server. In fact, Exchange will simply fail to install if IPv6 adapters are disabled. Furthermore, an incomplete install of Exchange 2013 in this manner will have other, more serious problems, as outlined by this post: http://memphistech.net/?p=264

The correct solution is either to keep IPv6 enabled, or to selectively disable it via the registry.
The proper way to do it is outlined here: http://support.microsoft.com/kb/929852

Labels: ,