• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Cannot connect to some Microsoft services with active TunnelBroker tunnel

Started by mwareman, January 15, 2018, 12:19:59 PM

Previous topic - Next topic

mwareman

Hi,

I have TunnelBroker configured on a pfSense firewall - with an IPv6 'internal' network behind it. On all IPv6 capable devices, the tunnel is working perfectly - I can access just about any IPv6 site (the IPv6 testing sites give 10/10).

However, my wife reported that 'Skype for Business' was not working. Turned out (from the logs) - Skype for Business was resolving the S4B server on it's IPv6 address - and some device between the client and the Microsoft server was blocking the TCP/443 connection to the IPv6 address.

I resolved this on the client with this Powershell:

     New-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\" -Name "DisabledComponents" -Value 0x20 -PropertyType "DWord"

This modifies the policy on windows to always favor the IPv4 address...

This was a couple of weeks ago..  Now, I notice that none of my Windows machines have got any Windows Updates since I enabled TunnelBroker.

It appears the same issue exists here. Windows Update simply cannot connect to the update servers - until I change IPv4 to being the primary protocol on the machine.

Anyone any ideas why we seemingly cannot connect to some Microsoft services over IPv6? I cannot for one moment believe Microsoft don't have their servers listening - as that would affect all customers. It must be something transit related on HE's network - or at the interconnect between HE and Microsoft's networks - or a transit carrier in between.

cholzhauer

Someone else had a post on here that dealt with their inability to connect to Windows Update while using IPv6.  I didn't look for it, but it shouldn't be too hard to find.  You may find the solution to your problem in there (I don't remember the outcome of the post)

kriteknetworks

No change was made on my end, and I started receiving updates again.

mwareman

Good to know - thanks. I'll pull off the mitigation and see if it's resolved for me as well...

tomeq

Just to update the topic - yes, the issue still persist and it is present for a loooong time now. Windows Update stops, Windows Activation never happen to finish, Skype - all do not connect whenever IPv6 and routing through HE tunnel is enabled. Disabling IPv6 on the machine (mac, windows, no matter) resolves the problem instantly.

There are periods when it doesn't happen but majority of time, Microsoft services are unreachable through HE ipv6 tunnel..... :(

broquea

This is your first post to the forums, and may not be using the same tunnel server as OP. So while it has been persistent for you, others seem to work. So maybe provide data showing traceroutes, etc, to determine where it is failing. And at least open a trouble ticket so we can look into it. I cannot find a single trouble ticket opened referencing your account name or email address on file. So this is first we're hearing about it from you.

Quote from: tomeq on October 13, 2018, 04:41:21 AM
Just to update the topic - yes, the issue still persist and it is present for a loooong time now. Windows Update stops, Windows Activation never happen to finish, Skype - all do not connect whenever IPv6 and routing through HE tunnel is enabled. Disabling IPv6 on the machine (mac, windows, no matter) resolves the problem instantly.

There are periods when it doesn't happen but majority of time, Microsoft services are unreachable through HE ipv6 tunnel..... :(