Good afternoon,
We're currently supporting an environment where we have 3 domain controllers (2008 R2) serving a single AD Site, all equally weighted .
We have a NLB load balanced IP-HTTPS only DirectAccess implementation where machines also contact the same three DC's.
Someone in their infinite wisdom has decided to disable IPv6 on one of those domain controllers. I'm not sure why and there was no documented change to disable it.
What would the expected impact of this be in instances where DA connected clients were to contact the single server with Ipv6 off?
I believe this was a contributing factor to us having issues with Teredo connections originally, as I can see a IPv6 enable DC is required as a minimum: https://technet.microsoft.com/en-us/library/ee382305(v=ws.10).aspx
The question I have however is with IP-HTTPS connections. Would clients simply fail over to the other 2 DC's that do have ipv6 enabled or would all manner of oddness occur? Specifically I'm wondering if group policies might encounter difficulties being processed?
On one of our client machines the following was noted:
The processing of Group Policy failed. Windows attempted to read the file \\xxx.xxx.xxx.xxx\sysvol\xxx.xxx.xxx.xxx\Policies\{3XX2XXX0-016D-11D2-94XF-00CXXFB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
So just trying to troubleshoot and strengthen my case to turn IPv6 back on on the DC in question.
Thanks for your time!