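I am currently evaluating Server 2012 as a domain controller for a small heterogeneous network of Linux and Windows workstations and servers, all of which will eventually be joined to the domain. This is a 100% dual-stack network; every device has both IPv4 and IPv6 connectivity. The router is a Linux server running radvd 1.9.1 and various other necessities.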
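I have just installed the first domain controller; its domain is ad.businessname.com (where businessname.com is handled by external DNS servers; that domain also has the public web site, email, etc., which will not be joined to the domain). It is Server Core with the AD DS and DNS roles installed. Everything seemed fine, and I was ready to set up the second DC and start joining computers, but…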
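Now there are additional IPv6 router advertisements on my network, advertising a unique local address. They also advertise the native IPv6 prefix that the actual router is advertising. At first I thought these RAs originated from the domain controller, since they disappear when I shut it down, but after running Wireshark I found that they come from my actual IPv6 router. Wireshark shows that this version of the RA follows shortly after a neighbor solicitation from the DC for fd4a:e7ab:34a5::1.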
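Oddly, the router also still sends the original router advertisement that it normally sends when the domain controller is not on the network. This version of the RA matches /etc/radvd.conf (copy below). A quick session with Wireshark confirmed that both versions of the router advertisement come from the MAC address of the Linux router running radvd.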
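So far these seem harmless, as my IPv6 connectivity has not been disrupted by the presence of the additional RAs. But since I already have global IPv6 connectivity, the ULA seems unnecessary and unwanted.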
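I have spent a lot of time on the Internet today trying to figure out what is going on, but found nothing that explains it, other than hints that it might have something to do with the IP Helper service (with vague warnings not to turn it off). As far as I know, though, disabling this service should be safe when native IPv6 is available.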
So my questions are:
Various configuration information follows:
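Here is one of the RAs being sent (as shown by radvdump, which IMO is easier to read than Wireshark's output). You can see it advertising both the ULA and the public prefix (obfuscated here). When I shut down the domain controller, this version of the RA stops appearing on the network.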
    #
    # radvd configuration generated by radvdump 1.9.1
    # based on Router Advertisement from fe80::20c:29ff:fef4:66f1
    # received by interface eth0
    #

    interface eth0 {
        AdvSendAdvert on;
        # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
        AdvManagedFlag off;
        AdvOtherConfigFlag on;
        AdvReachableTime 0;
        AdvRetransTimer 0;
        AdvCurHopLimit 0;
        AdvDefaultLifetime 1800;
        AdvHomeAgentFlag off;
        AdvDefaultPreference medium;
        AdvSourceLLAddress on;
        AdvLinkMTU 1500;

        prefix fd4a:e7ab:34a5::/64 {
            AdvValidLifetime 86400;
            AdvPreferredLifetime 86400;
            AdvOnLink on;
            AdvAutonomous on;
            AdvRouterAddr off;
        }; # End of prefix definition

        prefix 2001:db8:16:bf::/64 {
            AdvValidLifetime 86400;
            AdvPreferredLifetime 86400;
            AdvOnLink on;
            AdvAutonomous on;
            AdvRouterAddr off;
        }; # End of prefix definition

        RDNSS fd4a:e7ab:34a5::1 {
            AdvRDNSSLifetime 86400;
        }; # End of RDNSS definition

        DNSSL businessname.com {
            AdvDNSSLLifetime 1800;
        }; # End of DNSSL definition

    }; # End of interface definition
Here is the original router advertisement, which matches the router's /etc/radvd.conf and is still being sent on the network, alternating with the one above:
    #
    # radvd configuration generated by radvdump 1.9.1
    # based on Router Advertisement from fe80::20c:29ff:fef4:66f1
    # received by interface eth0
    #

    interface eth0 {
        AdvSendAdvert on;
        # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
        AdvManagedFlag off;
        AdvOtherConfigFlag off;
        AdvReachableTime 0;
        AdvRetransTimer 0;
        AdvCurHopLimit 64;
        AdvDefaultLifetime 1800;
        AdvHomeAgentFlag off;
        AdvDefaultPreference medium;
        AdvSourceLLAddress on;

        prefix 2001:db8:16:bf::/64 {
            AdvValidLifetime 86400;
            AdvPreferredLifetime 14400;
            AdvOnLink on;
            AdvAutonomous on;
            AdvRouterAddr off;
        }; # End of prefix definition

        RDNSS 2001:4860:4860::8888 2001:4860:4860::8844 {
            AdvRDNSSLifetime 600;
        }; # End of RDNSS definition

    }; # End of interface definition
List of roles/features installed on the domain controller:
    [dc1]: PS C:\Users\Administrator\Documents> Get-WindowsFeature | where {$_.InstallState -eq "Installed"}

    Display Name                                  Name                      Install State
    ------------                                  ----                      -------------
    [X] Active Directory Domain Services          AD-Domain-Services        Installed
    [X] DNS Server                                DNS                       Installed
    [X] File And Storage Services                 FileAndStorage-Services   Installed
    [X] File and iSCSI Services                   File-Services             Installed
    [X] File Server                               FS-FileServer             Installed
    [X] Storage Services                          Storage-Services          Installed
    [X] .NET Framework 4.5 Features               NET-Framework-45-Fea...   Installed
    [X] .NET Framework 4.5                        NET-Framework-45-Core     Installed
    [X] WCF Services                              NET-WCF-Services45        Installed
    [X] TCP Port Sharing                          NET-WCF-TCP-PortShar...   Installed
    [X] Group Policy Management                   GPMC                      Installed
    [X] Remote Server Administration Tools        RSAT                      Installed
    [X] Role Administration Tools                 RSAT-Role-Tools           Installed
    [X] AD DS and AD LDS Tools                    RSAT-AD-Tools             Installed
    [X] Active Directory module for Windows ...   RSAT-AD-PowerShell        Installed
    [X] Windows PowerShell                        PowerShellRoot            Installed
    [X] Windows PowerShell 3.0                    PowerShell                Installed
    [X] WoW64 Support                             WoW64-Support             Installed
IPv6 configuration of the Ethernet interface, as requested in chat:
    [dc1]: PS C:\Users\Administrator\Documents> netsh interface ipv6 show interface interface=Ethernet

    Interface Ethernet Parameters
    ----------------------------------------------
    IfLuid                             : ethernet_7
    IfIndex                            : 12
    State                              : connected
    Metric                             : 10
    Link MTU                           : 1500 bytes
    Reachable Time                     : 33500 ms
    Base Reachable Time                : 30000 ms
    Retransmission Interval            : 1000 ms
    DAD Transmits                      : 1
    Site Prefix Length                 : 64
    Site Id                            : 1
    Forwarding                         : disabled
    Advertising                        : disabled
    Neighbor Discovery                 : enabled
    Neighbor Unreachability Detection  : enabled
    Router Discovery                   : enabled
    Managed Address Configuration      : disabled
    Other Stateful Configuration       : enabled
    Weak Host Sends                    : disabled
    Weak Host Receives                 : disabled
    Use Automatic Metric               : enabled
    Ignore Default Routes              : disabled
    Advertised Router Lifetime         : 1800 seconds
    Advertise Default Route            : disabled
    Current Hop Limit                  : 64
    Force ARPND Wake up patterns       : disabled
    Directed MAC Wake up patterns      : disabled
    ECN capability                     : application
While I am still not clear on why this was happening (and explanations are welcome!), it now seems to be resolved.
I went over the network configuration with a fine-toothed comb and found, to my chagrin, that the default gateway had a typo!
    [dc1]: PS C:\Users\Administrator\Documents> Get-NetRoute -PolicyStore PersistentStore -AddressFamily IPv6

    ifIndex DestinationPrefix   NextHop              RouteMetric PolicyStore
    ------- -----------------   -------              ----------- -----------
    12      ::/0                2001:db8:116:bf::1   256         Persiste...
Uh, oops! 116:bf should have been 16:bf.
So I fixed the typo, removed the ULA address from the Ethernet interface for good measure, and there are no more extra RAs and my network is happy again.
    [dc1]: PS C:\Users\Administrator\Documents> Remove-NetRoute -NextHop 2001:db8:116:bf::1

    Confirm
    Are you sure you want to perform this action?
    Performing operation "Remove" on Target "NetRoute -DestinationPrefix ::/0 -InterfaceIndex 12 -NextHop 2001:db8:116:bf::1 -Store Active"
    [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): y

    Confirm
    Are you sure you want to perform this action?
    Performing operation "Remove" on Target "NetRoute -DestinationPrefix ::/0 -InterfaceIndex 12 -NextHop 2001:db8:116:bf::1 -Store Persistent"
    [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): y

    [dc1]: PS C:\Users\Administrator\Documents> New-NetRoute -NextHop 2001:db8:16:bf::1 -DestinationPrefix ::/0 -InterfaceIndex 12

    ifIndex DestinationPrefix   NextHop             RouteMetric PolicyStore
    ------- -----------------   -------             ----------- -----------
    12      ::/0                2001:db8:16:bf::1   256         ActiveStore
    12      ::/0                2001:db8:16:bf::1   256         Persiste...

    [dc1]: PS C:\Users\Administrator\Documents> Remove-NetIPAddress -AddressFamily IPv6 -IPAddress fd4a:e7ab:34a5:0:807e:e44a:7ffc:ea90 -PrefixLength 64

    Confirm
    Are you sure you want to perform this action?
    Performing operation "Remove" on Target "NetIPAddress -IPv6Address fd4a:e7ab:34a5:0:807e:e44a:7ffc:ea90 -InterfaceIndex 12 -Store Active"
    [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): y
Wireshark shows no further sign of the ULA in neighbor solicitations, router advertisements or anywhere else.
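An added example, not part of the original posts: a small check that compares an observed radvdump capture against the router's intended advertisement and confirms that a statically configured gateway is on-link. The function names (`parse_ra`, `audit_ra`, `gateway_on_link`) are hypothetical, and the two samples are constructed by condensing the radvdump outputs quoted in the question.

```python
import ipaddress
import re

ULA = ipaddress.ip_network("fc00::/7")  # unique local address space

# Constructed samples, condensed from the two radvdump outputs in the question.
BASELINE_RA = """
interface eth0 {
    prefix 2001:db8:16:bf::/64 { AdvOnLink on; AdvAutonomous on; };
    RDNSS 2001:4860:4860::8888 2001:4860:4860::8844 { AdvRDNSSLifetime 600; };
};
"""
OBSERVED_RA = """
interface eth0 {
    prefix fd4a:e7ab:34a5::/64 { AdvOnLink on; AdvAutonomous on; };
    prefix 2001:db8:16:bf::/64 { AdvOnLink on; AdvAutonomous on; };
    RDNSS fd4a:e7ab:34a5::1 { AdvRDNSSLifetime 86400; };
    DNSSL businessname.com { AdvDNSSLLifetime 1800; };
};
"""

def parse_ra(text):
    """Extract advertised prefixes and RDNSS servers from radvdump output."""
    prefixes = {ipaddress.ip_network(p)
                for p in re.findall(r"prefix\s+([0-9a-f:]+/\d+)", text, re.I)}
    rdnss = set()
    for group in re.findall(r"RDNSS\s+((?:[0-9a-f:]+\s+)+)\{", text, re.I):
        rdnss.update(ipaddress.ip_address(a) for a in group.split())
    return prefixes, rdnss

def audit_ra(observed, baseline):
    """List what an observed RA advertises that the baseline does not."""
    obs_p, obs_dns = parse_ra(observed)
    base_p, base_dns = parse_ra(baseline)
    findings = []
    for p in sorted(obs_p - base_p):
        kind = "ULA prefix" if p.subnet_of(ULA) else "prefix"
        findings.append(f"unexpected {kind} {p}")
    for a in sorted(obs_dns - base_dns):
        findings.append(f"unexpected RDNSS {a}")
    return findings

def gateway_on_link(gateway, ra_text):
    """True if a static next hop is link-local or inside an advertised prefix."""
    gw = ipaddress.ip_address(gateway)
    return gw.is_link_local or any(gw in p for p in parse_ra(ra_text)[0])

if __name__ == "__main__":
    print(audit_ra(OBSERVED_RA, BASELINE_RA))
    print(gateway_on_link("2001:db8:116:bf::1", BASELINE_RA))  # the mistyped gateway
```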
I can't explain why your DC is sending router advertisements, but you can at least try disabling them on the interface:
netsh interface ipv6 set interface interface="Local Area Connection" advertise=disabled
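This should be the default setting according to the netsh help, and nothing else would seem to make sense, since your DC is presumably not a router.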