Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: Cannot connect to some Microsoft services with active TunnelBroker tunnel  (Read 6641 times)

mwareman

  • Newbie
  • *
  • Posts: 2

Hi,

I have TunnelBroker configured on a pfSense firewall - with an IPv6 'internal' network behind it. On all IPv6 capable devices, the tunnel is working perfectly - I can access just about any IPv6 site (the IPv6 testing sites give 10/10).

However, my wife reported that 'Skype for Business' was not working. Turned out (from the logs) - Skype for Business was resolving the S4B server on it's IPv6 address - and some device between the client and the Microsoft server was blocking the TCP/443 connection to the IPv6 address.

I resolved this on the client with this Powershell:

     New-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\" -Name "DisabledComponents" -Value 0x20 -PropertyType "DWord"

This modifies the policy on windows to always favor the IPv4 address...

This was a couple of weeks ago..  Now, I notice that none of my Windows machines have got any Windows Updates since I enabled TunnelBroker.

It appears the same issue exists here. Windows Update simply cannot connect to the update servers - until I change IPv4 to being the primary protocol on the machine.

Anyone any ideas why we seemingly cannot connect to some Microsoft services over IPv6? I cannot for one moment believe Microsoft don't have their servers listening - as that would affect all customers. It must be something transit related on HE's network - or at the interconnect between HE and Microsoft's networks - or a transit carrier in between.
Logged

cholzhauer

  • Hero Member
  • *****
  • Posts: 2663

Someone else had a post on here that dealt with their inability to connect to Windows Update while using IPv6.  I didn't look for it, but it shouldn't be too hard to find.  You may find the solution to your problem in there (I don't remember the outcome of the post)
Logged

kriteknetworks

  • Sr. Member
  • ****
  • Posts: 258
    • aRDy Music

No change was made on my end, and I started receiving updates again.
Logged

mwareman

  • Newbie
  • *
  • Posts: 2

Good to know - thanks. I'll pull off the mitigation and see if it's resolved for me as well...
Logged

tomeq

  • Newbie
  • *
  • Posts: 1

Just to update the topic - yes, the issue still persist and it is present for a loooong time now. Windows Update stops, Windows Activation never happen to finish, Skype - all do not connect whenever IPv6 and routing through HE tunnel is enabled. Disabling IPv6 on the machine (mac, windows, no matter) resolves the problem instantly.

There are periods when it doesn't happen but majority of time, Microsoft services are unreachable through HE ipv6 tunnel..... :(
Logged

broquea

  • Sr. Network Engineer, HE.NET AS6939
  • Administrator
  • Hero Member
  • *****
  • Posts: 1702

This is your first post to the forums, and may not be using the same tunnel server as OP. So while it has been persistent for you, others seem to work. So maybe provide data showing traceroutes, etc, to determine where it is failing. And at least open a trouble ticket so we can look into it. I cannot find a single trouble ticket opened referencing your account name or email address on file. So this is first we're hearing about it from you.

 
Just to update the topic - yes, the issue still persist and it is present for a loooong time now. Windows Update stops, Windows Activation never happen to finish, Skype - all do not connect whenever IPv6 and routing through HE tunnel is enabled. Disabling IPv6 on the machine (mac, windows, no matter) resolves the problem instantly.

There are periods when it doesn't happen but majority of time, Microsoft services are unreachable through HE ipv6 tunnel..... :(
Logged