New for me, IPv6 and DHCP on ISP router, and workstations having domain join issue.

[YeOldeStonecat]

So this afternoon, go onsite to begin setup of new Essentials 12 server at a long time client that needs a server. Had been peer to peer workgroup on a Synology. Metal fab shop, needs to upgrade to Solidworks PDM so needs server with SQL. Just a 4 user shop.
Put Essentials server in there, go to fist computer to do the "Connect" wizard...and it hangs. meanwhile had gone to 2 more rigs..same thing. Eventually errors out cannot find domain controller.
Hmmm...WTF? I killed DHCP on the Comcast router. Fired up DHCP on the server. Server doing DNS, clients have server for DNS. Can ping it by name and get replies. Hmmmm.

I go to join domain manually, the old fashioned way. Can't find.

I start wondering about his old switch and IPv6. So I uncheck IP6 from his rig...go to join..BAM..I'm in.
Fire up the Connect wizard...it starts zipping through, I go to reboot...and it's now stuck in a loop...1/2 way up, Connect wizard prompts to restart again. The solid blue window...before desktop appears. Loop after loop. That got old after a half dozen times. So before I close the Connect wizard...I fire up ctrl+alt+del...and launch network properties. I re-enable IP6. It completes. But...I go to manage computer, local users 'n groups, go to add domain users to local users group..and it cannot resolve AD. So I uncheck IP6 again..and it clicks right in.

Scratching my head...WTF is up with IP6 on this network? IP 4 works, IP6 don't. Ahah! Comcast modem...they've been talking about being IP6 ready...so..wonder if there's another DHCP page for IP6. So I log in...and presto..there it is. I had disabled DHCP for IP4 on the normal spot, but there's another spot now..for IP6..and its own DHCP. Naturally, just like with IP4..you need the domain controllers IP for DNS...

Disabled that...I figure rest of the workstation joins should go smoothly now.

Normally we have our own router in the mix, instead of the ISP gateway...but in this case...very small client, in his past we never had servers running behind it, so for a tiny workgroup I was fine with the ISP gateway. He only needed internet.

 

[Frick]

Newer Comcast routers force feed ipv6 and hijack traffic. You can't disable it on the router.

I learned this the same way you did, server essentials install. The only "fix" I have found is to disable ipv6 on the server and workstations

Before that I use it as an opportunity to show the client the issue to help try and sell them on a utm or better router.

 

[Matthew Bradley]

Surprised you haven't run into this before now. Been dealing with it for over a year. Like Frick said, the only option on some of their gateways is to go around and disable IPv6 on the workstations. What a PITA. The first time we ran into this was because of a firmware upgrade Comcast sent down to a church we manage. Everything worked one day - no one could log in to the DC the next. We about lost our mind over that.

 

[YeOldeStonecat]

Surprised you haven't run into this before now. .

In thinking about it.....it's the only client I have, where I have a server, and we don't have our own firewall at the edge...we're letting the ISP gateway do the edge. At first I was wondering if his older Netgear prosafe switch wasn't handling IP6 properly. So I spun my wheels for like an hour on this.

Quick lesson....always put our own router at the edge...flip the Comcast gateway to pass the pub IP to our router, like we normally do. But it was also good to find out the answer. Turning of IP 6 at the Comcast gateway fixed the issue. This morning I went about doing a few more workstations remotely and all is behaving properly now. Network is functioning as it should..and IP6 is enabled on server and workstations.