I'm trying to set up a dual-stack environment with two Windows Server 2019 domain controllers. However, when I test the client as IPv6-only, the client fails to authenticate with the AD servers. The DNS works just fine and resolves to the DCs.

Any ideas?

I will provide more information as needed--I'm just not sure where to start. Everything I've checked so far seems to look okay.

Update: After digging a bit deeper, it looks like on IPv6, the connection to LDAP fails during the handshake. The client sends a SYN packet, the server replies with an ACK, but with a different sequence number, and the client then resets the connection and tries again--and then the same thing happens. The client circles through a few different ports, and eventually the connection fails.

akhristov
  • `I'm trying to set up a dual-stack environment with two Windows Server 2019 domain controllers` - What does that mean exactly? `However, when I test everything as IPv6-only, the client fails to authenticate with the AD servers.` - What does that mean exactly? Are you unbinding IPv4 from the NIC on all of your computers? Are you disabling IPv4 altogether? – joeqwerty Feb 25 '20 at 21:23
  • I'm guessing `dual-stack` means `IPv4 and IPv6 simultaneously`. Please note that the settings of the domain controller are used for a wide variety of background settings when promoted. It would be ideal for you to configure your servers entirely as IPv6 before promoting them to domain controllers. Disabling IPv4 after promoting the server may cause Active Directory to have residual IPv4 settings which are no longer available. – duct_tape_coder Feb 25 '20 at 22:26
  • Clarified--I am leaving IPv4 enabled on the server, just turning it off on the client. I *think* everything should work in parallel, but I haven't seen much information online about dual-stack AD deployments. – akhristov Feb 25 '20 at 23:22
  • I've made an update to the post. The handshake is failing on IPv6. – akhristov Feb 28 '20 at 01:05

0 Answers