Tuesday, April 22, 2008
Monday, April 21, 2008
Now, for my reason: In Windows Server 2008, you cannot uninstall IPv6.
You can only disable it.
In the registry.
Good ole Windows. Here's the thing:
So I've been getting a massive amounts of failed security audits, event IDs 5157 and 5152. They happen in bursts. They're triggered by svchost, and they're destined for the bit bucket. The source IP address comes from 188.8.131.52 (multiclass) to 169.254.203.141 (private, used by Microsoft for null addresses). The cause of this is what is known as "Link-local Multicast Name Resolution," an IPv6 protocol that performs similar functions to DNS. Wikipedia places it best: "[a] packet format that allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local link" (Source: http://en.wikipedia.org/wiki/Link-local_Multicast_Name_Resolution)
And performing a little research, I've learned that you cannot, in fact, uninstall IPv6 much as you can in XP & 2003, but instead, disable. And the only way to disable IPv6 traffic on Server 2008 is through Registry hacking. Here's the blurb from Technet: (bold emphasis my own)
Unlike Windows XP and Windows Server 2003, IPv6 in Windows Vista and Windows Server 2008 cannot be uninstalled. However, you can disable IPv6 in Windows Vista and Windows Server 2008 by doing one of the following:
In the Network Connections folder, obtain properties on all of your connections and adapters and clear the check box next to the Internet Protocol version 6 (TCP/IPv6) component in the list under This connection uses the following items.
This method disables IPv6 on your LAN interfaces and connections, but does not disable IPv6 on tunnel interfaces or the IPv6 loopback interface.
Add the following registry value (DWORD type) set to 0xFF:
This method disables IPv6 on all your LAN interfaces, connections, and tunnel interfaces but does not disable the IPv6 loopback interface. You must restart the computer for this registry value to take effect.
For additional information about the DisabledComponents registry value, see Configuring IPv6 with Windows Vista.
If you disable IPv6, you will not be able to use Windows Meeting Space or any application that relies on the Windows Peer-to-Peer Networking platform or the Teredo transition technology.
Thanks Microsoft. I appreciate it.