IPv6 address of a DirectAccess server binds to the wrong network interface in Windows Server 2012

Applies to: Windows Server 2012 DatacenterWindows Server 2012 DatacenterWindows Server 2012 Essentials More

Symptoms


Consider the following scenario:
  • External load balancing is enabled on a Windows Server 2012-based DirectAccess server in a network environment.
  • The network environment contains some IP version 4 (IPv4)-only intranet resources.
  • You use DNS64 to synthesize IPv6 addresses from the IPv4 addresses to reach internal IPv4 resources.
In this scenario, a DNS64 IPv6 address binds to the wrong network interface. Therefore, DNS64 does not function as expected.

More specifically, when you run the following cmdlet, DNS64 displays "Loopback Pseudo-Interface" as the interface name in the AcceptInterface field:
Get-NetDnsTransitionConfiguration 
However, when you run the following command to view the status of the IPv6 addresses, the DNS64 address (prefix:3333::1) is not bound to the Loopback Pseudo-Interface interface:
netsh int ipv6 show address 


Notes
  • The expected behavior is that the IPv6 address binds to the loopback interface.
  • DNS64 is a mechanism that synthesizes AAAA records (IPv6 address records) from A records (address records).
  • After you enable external load balancing, DNS64 accepts a loopback interface.

Resolution


Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.

If the hotfix is available for download, there is a "Hotfix Download Available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft website: Note The "Hotfix Download Available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

To apply this hotfix, you must be running Windows Server 2012.

Registry information

To use the hotfix in this package, you do not have to make any changes to the registry.

Restart requirement

You must restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace a previously released hotfix.


Workaround


To work around the issue, you can manually move the DNS64 IPv6 address from the incorrect network interface to the loopback interface. To do this, follow these steps:
  1. Run the following command to obtain the necessary interface index information:
    netsh int ipv6 show int 
  2. Run the following command to remove the DNS64 IPv6 address from the physical network interface:
    netsh int ipv6 delete address  <physical network interface index> <ipv6 address> 
  3. Run the following command to bind the DNS64 IPv6 address to the loopback interface:
    netsh int ipv6 add address  <loopback interface index> <ipv6 address> /128 
  4. Run the following command to verify the changes:
    netsh int ipv6 show address 
    Note The DNS64 IPv6 address should be bound to the loopback interface.
  5. Restart the computer.

Status


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information


For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates