timd1971's profile

New problem solver

 • 

49 Messages

Thursday, July 16th, 2015 4:00 AM

How to disable DHCP ipv6 on Cisco DPC3939B? DNS settings?

I need to do a new fresh install of Windows Server 2012 R2 Essentials on a new small office server.

I need the server to be my Domain Controller and DHCP (not the router).

Before installing, I need to disable DHCP of both ipv4 and ipv6 on the router.

Obviously ipv4 is straightforward, but ipv6 is NOT.

I am not at the router right now, so cannot remember the exact settings, but I think BOTH Stateful and Stateless were checked? I don't know what these mean and is quite easily confusing.

EDIT:

Stateless (Auto-Config) is checked (but grayed out, cannot change?)

Stateful (Use Dhcp Server) is checked

BOTH Assign DNS manually for IPv4 and IPv6 are UNCHECKED..  should these be checked and filled in with exactly what?  IPv6 entries are obviously crazy here..have NO idea what to do with IPv6.

Something about Stateful being like static? And Stateless being like DHCP? Is this correct?

What should exactly be set here to disable DHCP ipv6?

I think the first setting to the far left was grayed out but checked.

Do I even need to mess with the router's ipv6 to have the Server to DHCP and as a DC and for Active Directory? I understand that it is time to start using ipv6, so not sure I need to be cutting all that off? But do not understand ipv6.

Also, while in here, do I need to set the DNS MANUALLY also? And for BOTH ipv4 and ipv6?

What primary and secondary DNS servers do you enter here?

Do I enter the dns of my server address as primary? And maybe secondary as google's 8.8.8.8 or openDNS dns? Or do the Comcast dns go here? I.e. 75.75.75.75?

Or do I set up a forwarder to the comcast primary & secondary dns on the WS2012R2E server?

Thank you for any help.

Tim

 

EDIT:

DOCSIS Software Version: dpc3939b-v303r204217-150321a-CMCST

Software Image Name: dpc3939b-v303r204217-150321a-CMCST.p7b
 
Model: DPC3939B
Vendor: Cisco
Hardware Revision: 1.0
 
Edit:
Adding a screen shot of the router config (current default settings):
DPC3939B.jpg

Accepted Solution

Problem solver

 • 

326 Messages

9 years ago

All you need to do is UNCHECK the DHCP Stateful.  Do NOT mess with anything else.

 

Windows Server 2012 ignores stateless DHCP IPv6 if stateful DHCP IPv6 is disabled.

 

Here is an article you should read:

 

http://windowsitpro.com/networking/ipv6-support-windows-8-windows-server-2012

 

Here's the operative paragraph:

 

"...If a DHCPv6 server is available but doesn't offer IPv6 addresses (i.e., it's configured as a stateless DHCPv6 server set up to serve clients with the o flag set and return only DNS server addresses and search suffixes), Windows will ignore it. However, if the DHCPv6 server returns an IPv6 address along with DNS server addresses and search suffixes, Windows will add the address to the interface and use the additional information..."

 

"...do I set up a forwarder to the comcast primary & secondary dns on the WS2012R2E server..."

 

YES!

 

You NEVER setup a DNS server to obtain a dynamic IP address via DHCP, DHCPv6, SLAAC or any other means of dynamic assignment!!!!!!!!!

 

ANY WINDOWS SERVER ACTING AS  AN ACTIVE DIRECTORY ROOT IS A DNS SERVER!!!!

 

In addition you should consider that for a COMMERCIAL SETUP LIKE A SMALL OFFICE you should USE YOUR OWN ROUTER WITH COMCAST!

 

I HIGHLY RECOMMEND that for small office setups you purchase a HIGH SPEED HIGH QUALITY SMALL ROUTER AND LOAD DD-WRT FIRMWARE ON IT!   Examples are routers like the Netgear WNDR3400.   Look for routers on the dd-wrt compatibility list that have 64MB of dram and 8MB of flash.  Then buy a Dynamic DNS account from a business like no-ip.com.  dd-wrt supports this out of the box.  Use this device with YOUR OWN Cable modem that is in Bridged mode, a very good cable modem model is Motorola SB6121 or Motorola SB6141.

 

This will give you the benefit of a reachable IP on the Internet (using DNS name) without having to pay extra money for a static IP, and without having to pay extra money to "rent" a cable modem from Comcast, and it will give you the control to TURN OFF IPv6 on the router and turn it on when you are ready.

 

IN ADDITION there are fewer bugs in the IPv6 implementations on these routers!

 

Accepted Solution

Problem solver

 • 

326 Messages

9 years ago

No, best practices is to use .local   This is why RFC 6762 was written.  There's even a wikipedia page on .local

 

The CERT thing has always existed.  The way it works is as follows:

 

When you install Essentials or any Windows server OS it creates a self-signed certificate that is created from

the name.  So if the server is named aaa.bbb.local then the cert has that name in it.

 

In a controlled domain the client systems can have that self-signed certificate pushed to them by the

domain controller.  They incorporate it into their own certificate store and everything is fine.

 

Now along comes the admin and they want to use the webserver on the Windows server on the Internet and

serve out https pages.   They turn it on, apply aaa.bbb.com to the DNS and discover the self-signed cert

is invalid when the server is accessed from the public Internet.

 

So they go to a SSL Cert provider and buy a cert.  This is where the confusion comes from.

 

There's several different kinds of SSL certs out there.  The simplest and cheapest are the single-name certs that

are only good for aaa.bbb.com

 

The more expensive certs allow multiple domain names, usually up to 5.  Those are the ones you're supposed to

buy.  You tell the SSL cert provider to list both aaa.bbb.com and aaa.bbb.local as names in that cert.  Then when you apply it, encryption works both inside and from the outside.

 

The people saying to not use .local are either completely misunderstanding things - probably because they bought a cheap cert with a single name, tried to apply it to their Windows server and it blew chunks - or they are trying to game the system by deliberately ignoring the fact that hosts on the inside that attempt to go to aaa.bbb.com are going to saturate the router with useless hairpin traffic just so they can save a few bucks on a cheap SSL cert.

New problem solver

 • 

49 Messages

9 years ago

First off, Thank You so much for the detailed advice here, much appreciated.  It has been VERY hard to get great information on this.

 

So if I follow you correctly and by referring to my screenshot added, by just unchecking DHCP Stateful, this should disable DHCP IPV6 on the router correct?  So then the windows server would handle ipv6?  If so, I know it may be complicated there, would you know any tutorials how to set up IPV6 on the server?  I guess I would create a scope for ipv4, do you do the same for ipv6?  I am sorry, but ipv6 is so baffling to me so far until I can fully grasp it.  I hear I can have the router handle all DHCP even though the server dhcp is best practice.  Maybe just having the router handle all DHCP may be easier in my small office situation?  I guess I don't want to lose IPv6 since it is finally something of the present and future now.

 

As far as the screen shot, even though you say only unchecking the DHCP Stateful button, "Do NOT mess with anything else", do you mean only in the IPV6 section?  I would still need to uncheck "Enable LAN DHCP" of IPV4 correct? And also enter the Comcast DNS servers manually correct? 75.75.75.75 & 75.75.76.76.

 

For now, can these settings be sufficient using the 3939B router without bridging it?  I really need to get the server up and running as I have lost soooo much time on this IPv6 thing.  I will definitely take your advice and look into using another router and modem and dyndns to set up a static ip. (I do have an asus ac router I could add to this if absolute need be) I don't have the comcast external static ip extra cost...  for now can I just do without the static ip as I don't need to remote in to the server and I notice my external ip stays the same for a good while.  Can I set up without all of that until I can look into dyndns etc?  Or is getting / paying for a static external ip a mandatory thing getting the server up and running?  I know to set my server dns to static on the LAN in windows... but do I "have to" set up an external static ip?  Again, my small office 5 users or so.

 

Thank you again, I hope this helps others searching as I could not find much good quality advice like this.  Train_wreck has offered equal great advice also! ; )

 

 

EDIT:

Finding some good EASY to understand videos:

https://www.youtube.com/watch?v=qaWR5r7owyc

 

https://www.youtube.com/watch?v=knu0folNoCs

 

Problem solver

 • 

326 Messages

9 years ago

"..So if I follow you correctly and by referring to my screenshot added, by just unchecking DHCP Stateful, this should disable DHCP IPV6 on the router correct?..."

 

not exactly

 

"...So then the windows server would handle ipv6?..."

 

No not exactly.

 

OK here is the way this works.

 

In an IPv6 network you have hosts and routers.  A server like a 2012 Essentials server is a host.  A router is a device like your DPC3939B

 

Routers all advertise via SLAAC and/or by DHCPv6 Stateless.  BOTH of those protocols ONLY ASSIGN ipv6 ADDRESSES and the default IPv6 gateway.  They DO NOT assign DNS server addresses, domains, etc.  SLAAC is defined in RFC 4862.

 

All 3 Comcast business gateways advertise IPv6 via SLAAC.  There is no way to turn that off.  All of them have the option to turn on DHCPv6 and that's where it gets tricky.  I'll explain in a moment.

 

So, how do hosts get IPv6 DNS servers automatically?  There are 2 ways:

 

First there's an extension to SLAAC defined in RFC 6106 that allows routers to include the extra DNS server in router advertisements.  SOME hosts pay attention to this, others do not.  Windows DOES NOT pay attention to these extra IPv6 attributes.  Older Cisco IOS versions also DO NOT pay attention to these extra attributes.  Newer ones do.

 

The Comcast routers advertise these extensions.

 

Second, there is "stateful DHCPv6"

 

The way that a Windows network is supposed to do it on IPv6 is as follows:

 

1) if you DO NOT HAVE a DHCP server (ie: DHCP for IPv4) then you leave DHCPv4 turned on on the Comcast router, AND you leave DHCPv6 Stateful turned on on the Comcast router.

 

The Windows systems will get their IPv6 either by SLAAC or by DHCPv6 Stateless.  Once they have an IPv6 address they will then try a DHCPv6 Stateful query to get the IPv6 DNS servers and IPv6 default GW if needed.

 

2) If you DO HAVE a DHCP server (ie: DHCP for IPv4) then you leave DHCPv4 turned OFF on the Comcast router AND you leave DHCPv6 Stateful turned OFF on the Comcast router.

 

The Windows systems will get their IPv6 by SLAAC.  They will then attempt to get an IPv6 DNS server through DHCPv6 Stateful.  IF YOU HAVE SETUP ONLY A DHCPv4 server, this will then fail - and the Windows systems will then default to using only IPv4 DNS to lookup IPv6 addresses.

 

IF YOU HAVE SETUP both a DHCPv4 and DHCPv6 server then your Windows systems will get an IPv6 via SLAAC then IPv6 DNS server via DHCPv6 Stateful.

 

AS I SAID if you are setting up an Active Directory server - which is what you are doing when you are setting up Windows 2012 Essentials - then YOU MUST MAKE THE ACTIVE DIRECTORY SERVER THE DNS AND DHCP SERVER.  That means FOR AT LEAST IPv4.  So, you MUST TURN OFF ALL DHCP SERVERS ON THE COMCAST ROUTER both the IPv4 and IPv6 DHCP Stateful server.

 

If the Comcast router is IP address 10.0.10.1 then the Essentials server should be 10.0.10.2.  When the Essentials server asks if it's the primary DNS server say YES.  When it asks if it's the DHCP server say YES.

 

When the Essentials server asks what the DNS Forwarder IP addresses are put in 75.75.75.75 and 75.75.76.76. 

 

That is all there is to it.  That will setup IPv4 and IPv6 on your internal network and everything will work.

 

  If you want to get fancy you can investigate how to turn on DHCPv6 services on Windows Essentials but it is not important.  Your machines will get their IPv6 addresses via SLAAC from the router and they will get their DNS servers via DHCP from the Essentials server.  Ipv6 queries will work fine they will just go over IPv4.
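As an added illustration (not part of the original post and not code from Comcast, Cisco or Microsoft), the sketch below parses the ICMPv6 Router Advertisement fields this discussion turns on: the M and O flags and the prefix option's autonomous (SLAAC) bit from RFC 4861/4862, and the RFC 6106 RDNSS option. In RFC 4861 the M flag signals that addresses are available via DHCPv6 and the O flag that other configuration such as DNS servers is available via DHCPv6. The sample packet, the 2001:db8 documentation addresses and all function names are constructed for the example.

```python
import ipaddress
import struct

ND_ROUTER_ADVERT = 134   # ICMPv6 type, RFC 4861
OPT_PREFIX_INFO = 3      # Prefix Information option, RFC 4861
OPT_RDNSS = 25           # Recursive DNS Server option, RFC 6106


def parse_router_advertisement(msg: bytes) -> dict:
    """Decode the RA fields that tell a host how to configure itself.

    The ICMPv6 checksum is not verified here (it needs the IPv6 pseudo-header).
    """
    if len(msg) < 16 or msg[0] != ND_ROUTER_ADVERT:
        raise ValueError("not an ICMPv6 Router Advertisement")
    flags = msg[5]
    ra = {
        "managed": bool(flags & 0x80),  # M: addresses available via DHCPv6
        "other": bool(flags & 0x40),    # O: other config (e.g. DNS) via DHCPv6
        "router_lifetime": struct.unpack("!H", msg[6:8])[0],
        "prefixes": [],
        "rdnss": [],
    }
    off = 16
    while off < len(msg):
        if off + 2 > len(msg):
            raise ValueError("truncated option header")
        opt_type, opt_len = msg[off], msg[off + 1] * 8  # length is in 8-byte units
        if opt_len == 0 or off + opt_len > len(msg):
            raise ValueError("malformed or truncated option")
        body = msg[off:off + opt_len]
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            net = ipaddress.IPv6Network((body[16:32], body[2]), strict=False)
            ra["prefixes"].append({
                "prefix": str(net),
                "on_link": bool(body[3] & 0x80),
                "autonomous": bool(body[3] & 0x40),  # A: usable for SLAAC
            })
        elif opt_type == OPT_RDNSS and opt_len >= 24 and (opt_len - 8) % 16 == 0:
            for i in range(8, opt_len, 16):
                ra["rdnss"].append(str(ipaddress.IPv6Address(body[i:i + 16])))
        off += opt_len  # unknown options are skipped
    return ra


def host_view(ra: dict) -> dict:
    """Summarise what the RA signals to a host (not any specific OS's behaviour)."""
    if ra["managed"]:
        dhcpv6 = "stateful"
    elif ra["other"]:
        dhcpv6 = "stateless"
    else:
        dhcpv6 = "none"
    return {
        "slaac_prefixes": [p["prefix"] for p in ra["prefixes"] if p["autonomous"]],
        "dhcpv6": dhcpv6,
        "rdnss": ra["rdnss"],
    }


def build_sample_ra(managed: bool, other: bool) -> bytes:
    """Constructed sample RA using RFC 3849 documentation addresses."""
    flags = (0x80 if managed else 0) | (0x40 if other else 0)
    header = struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64, flags, 1800, 0, 0)
    prefix = struct.pack("!BBBBII4x", OPT_PREFIX_INFO, 4, 64, 0xC0, 2592000, 604800)
    prefix += ipaddress.IPv6Address("2001:db8:0:1::").packed
    rdnss = struct.pack("!BBHI", OPT_RDNSS, 3, 0, 1800)
    rdnss += ipaddress.IPv6Address("2001:db8:0:1::1").packed
    return header + prefix + rdnss


if __name__ == "__main__":
    for m, o in [(True, True), (False, True), (False, False)]:
        view = host_view(parse_router_advertisement(build_sample_ra(m, o)))
        print(f"M={int(m)} O={int(o)} ->", view)
```

Running the same parser over an RA captured on the LAN before and after changing a gateway setting shows which of these bits the setting actually controls.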

New problem solver

 • 

49 Messages

9 years ago

My screenshot was for example only...don't use any of those settings.


Glad the DOMAIN name thing worked for you.  I eventually had to just reinstall Essentials also to get it to work how I wanted.  Apparently it is impossible to rename the .local to anything else (.com, .net, etc.) due to Certificate Authorization or something.  I am sure it isn't impossible as I did find some stuff on renaming a domain, but it was very scary and NOT recommended...so therefore best to start from scratch...because I can at the moment...but I was quite upset after I initially set up Essentials, and found out AFTER THE FACT that .local could NOT be renamed to .com.  I was furious.  I am still glad I bought Essentials though..since small business, and can do without all those CALS etc etc.  I just use Server Manager etc to "feel" like I have the power of the Standard edition.  And use the Essentials part when needed.

New problem solver

 • 

13 Messages

9 years ago

First of all, I'd like to thank you for sharing the information.  In order to incorporate the renaming of our server, I reinstalled MS Server 2012 R2 Essentials following the "Elvis" post.  It worked spot on.  I also looked at the IPV6 and I felt like I was moved from the proverbial "frying pan" to the fire.  

 

I also tried configuring my 3939B modem like you had in your screen shot and following the other poster's recommendations and boy did I mess something up!  If I went out to a site requesting my IP address, I get my IPV6 address.  I also bet that I'd have to create a role on my server.

 

Thank goodness I'm not "under the gun" to get our server up and going.  But the amount of time I've got in this project is incredible and I'm stubborn enough to hand in and learn what I can. 

 

I also really have to admire the Professional IT Community.  If you can learn, retain, and make use of this information without having an office full of upset people, I salute you!

 

Regards,

 

TG

New problem solver

 • 

13 Messages

9 years ago

I don't know how long or hard you've been studying this but you are doing exceptional.  I've not had anything go smoothly on my end.  I did take down a Secure Computing SnapGear 565 that I'm really close to bringing back on line.  The 3939B goes in Bridge Mode, and life moves on.  Is it what I really want? No.  The SnapGear is probably 8 - 10 years old, and can cause its share of problems.

 

There are soooooo many opinions, and only so many forums to visit to have a question "blasted", with the subsequent terse ridicule.  I work in a professional field, scientific in nature, and get asked questions all the time.  I've never ridiculed, or tried to make an example out of anyone.

 

I've tried IPV6 Stateful, Stateless, and it makes no difference on my end.  I've taken the server offline for now.  Back to the books, videos, etc... and doing what I really do for a living.

 

However, I'd like to see you get this project up and running.  Life is too precious to waste and you've got a ton of time in it.

 

For now, I have to find a solution to the 3939B and Comcast having SMTP port 25 blocked.  For some reason the SMC modem didn't have a problem with it but the 3939B does.  I know that Comcast is blocking the port, but up until Friday my scan to email feature worked just fine.  Another stab in the heart.

 

Regards,

 

TG

New problem solver

 • 

49 Messages

9 years ago

Sorry, I couldn't get back sooner, just too busy.

 

Thank you for wonderful help. :0)

 

I actually do follow almost everything you are saying... and have been learning QUITE a bit from both you and train_wreck.

 

I guess I may be overcomplicating things.  So you don't have to rehash everything again, maybe I can just get your advice or suggestion on what I should do here based on everything you have said and my scenario.

 

Ok, before I got into this SERVER setup, I didn't really know much of anything "server-wise".  I have learned quite a bit since then.  The FIRST thing I was told was to DISABLE BOTH IPv4 and IPv6 on the ROUTER no matter what in order to set up DHCP on the Windows server.

 

So obviously, that has been my "mission".  Ipv4 was straightforward.  Disable on router, make server static 10.1.10.2, GW 10.1.10.1. Primary 10.1.10.2 (or 127.0.0.1) Secondary 8.8.8.8 or OpenDNS etc.  Good.  But NOT SURE what to put in the ROUTER, do I ENABLE "Assign DNS Manually" and enter the same Primary and Secondary?  or do I use the COMCAST servers 75.75.75.75, 75.75.76.76?  That should clear that last bit up for IPv4.

 

Now, the IPv6.  I do follow what you are saying.

 

Points 1) and 2) are obviously not what my goal is.  Goal is a AD server with BOTH Ipv4 and IPv6 set up on the SERVER, so point 1) out.  Part of Point 2) sounds closer to what I assume I need, AS LONG as BOTH IPv4 and Ipv6 are set up as you continue to describe further I see here.

 

"IF YOU HAVE SETUP both a DHCPv4 and DHCPv6 server then your Windows systems will get an IPv6 via SLAAC then IPv6 DNS server via DHCPv6 Stateful."

 

This seems my BEST option, but just not certain how to exactly accomplish this..the DHCPv6 portion of it.

 

Again, my END GOAL here is to get both IPv4 and IPv6 OFF on the ROUTER, so the SERVER can do both IPv4 and IPV6 DHCP...  simple as that really...yet again, I am probably making it harder than it should be.  I guess my biggest wall holding me up here is it just doesn't say DISABLE IPv6 on the router, and the Stateful and Stateless part is just confusing me to no end.  What I gather from your advice from the beginning, is to just TURN OFF (or UNCHECK) Stateful (Use Dhcp Server) and I should be good to go...and as you also mentioned, do not mess with anything else here.  I.e. even the CHECK/UNCHECK "Assign DNS manually" for IPv6?

 

So if I uncheck Stateful.  Then go to my Windows Server, set up my Ipv4 scopes and forwarders, what in the world do I enter for the SCOPE for DHCPv6 on the server?  I am lost here.  But this portion MUST be completed correct to do as you describe again here:

 

"IF YOU HAVE SETUP both a DHCPv4 and DHCPv6 server then your Windows systems will get an IPv6 via SLAAC then IPv6 DNS server via DHCPv6 Stateful."

 

Here is a screenshot that may help:

 

What Prefix goes here?  I guess there are multiple or (3) different ones that can be used?

Link-Local GW: fe80: etc? (this is just INTERNAL correct?)

Global GW: 2601: etc? (what is this?  is this something like or is the STATIC address from Comcast?)

Then maybe a documentation zone which I don't understand, for testing?  2001:DB8::?

 

This is where I am totally confused.  I don't know exactly what they are each for?

 

Do I enter in the Link-Local or the Global GW addresses that are in the router config Local IP network page?  On the router they are dimmed out, so obviously not for changing, but settings maybe I should be using for the WINDOWS SERVER?  I am not using a STATIC IP from Comcast nor want to. (will use one from elsewhere later as I need to).  From what I understand Comcast is not handing out static IPv6 external ips anyways..and don't need that either....yet I guess.

 

So the Ipv6 prefix is from left to right the first (4) items?  correct? i.e. fe80:0:0:0 (yes I know the shortcut for the zeros and colons) or 2601:422:4101:700 (I changed them for security reasons if it matters)... I am not clear on all this.  I tried entering these, and it said "The prefix entered is invalid."  SO not doing something right here.

 

If I enter 2001:DB8:: (for testing??), it lets me proceed to the next screen shot to add exclusions.

 

 

 

 

Windows Server 2012 R2 Essentials1.png

 

 

 

 

Don't know what to enter here:

 

Windows Server 2012 R2 Essentials2.png

 

 

Thank you again for sticking with me on this...  I am sure it isn't quite a walk in the park..but thank you.  :0)

 

!  I don't know how to turn off emoticon coding!  therefore all the smileys?

 

Gold Problem solver

 • 

610 Messages

9 years ago

oy, NetBuoy..... I haven't heard that in a coon's age 😉

 

And to timd1971 and ShifterKartRacer, I am working up some replies for both of you, apologies. Been moving house recently, kinda tied up with that

Problem solver

 • 

326 Messages

9 years ago

 

It was not my intention that you would setup DHCPv6 on the server at all (or DNS IPv6) at least not during the initial installation, as it appeared you did not want to activate IPv6 at this time.  If you do want to activate IPv6 DHCP and DNS on the server then you have a whole bunch more reading to do!  But, let me try giving you a birds eye view of IPv6 in this setup:

 

If you have a Comcast business gateway, the out-of-the-box setup is that it obtains a "public" IPv4 address from Comcast via DHCP.  This is assigned to the gateway's WAN interface.  Then a translated IPv4 address, 10.0.10.1 with a subnet 255.255.255.0 is applied to the inside LAN interface and the DHCPv4 server is turned on.

 

The gateway then obtains a /56 IPv6 subnet and assigns a /64 out of it to its LAN interface.  Further IPv6 assignments on the LAN are /64 assignments made by SLAAC and Stateful DHCPv6.

 

It is important to understand that in IPv6, you have Stateless DHCP and Stateful DHCP.  Stateless DHCP is like SLAAC in that it just assigns IP addresses.  Stateful DHCP assigns the DNS servers, etc.  An IPv6 client can obtain IPv6 addressing either via IPv6 SLAAC followed by "enhanced SLAAC" or it can obtain IPv6 addressing via Stateless DHCP followed by Stateful DHCP.  Or it can do it by a mixture.

 

You cannot fully configure an IPv6 client simply by Stateless DHCP.  You cannot fully configure it by standard SLAAC either.  Stateless DHCP and regular SLAAC are basically "first stage bootstraps" used to get only the IP address.

 

By default in this setup SMTP is blocked.

 

This is a standard kind of setup for a LAN network that is composed of "client workstations"   And it works.  Out of the box Windows workstations only implement standard SLAAC and Stateless DHCP followed by Stateful DHCP.  So, in this setup a Windows workstation sets up to use IPv4 for addressing and then tries SLAAC, that works, so it drops any further attempts to use Stateless DHCP.  In effect, it sets up to use IPv4 for connectivity and DNS, and IPv6 for connectivity but not DNS

 

When you do a Windows Essentials installation, you want it to be the DNS/DHCP server for everything both IPv4 and IPv6.

 

If you don't configure the server to be a DHCPv6 server or a DNSv6 server AND you turn OFF Stateful DHCPv6 on the Comcast device then your workstations will only get IPv6 addressing from the Comcast gateway.  They won't get IPv6 DNS servers from the Comcast gateway or any other stuff.  The Server will also only get IPv6 addressing from the gateway.  As a result your network will be using IPv4 for connectivity and DNS, and IPv6 for connectivity only.  And since it will be doing IPv6 automatically you don't need to know anything about IPv6.

 

Now, IF during your Essentials installation it is not properly setting up for this, then something else is going wrong with the Server Essentials network autodetection - and you have my sympathies!  If I was tasked by a customer to solve this the first thing I would ask is "do you have a static IP" and if they said no, I would send the Comcast device back to Comcast and replace it with a "dumb" cable modem and a router set to use 192.168.1.1.  Then I would turn off IPv6 on the router, and turn off DHCP on the router, and install the server, telling it that it has a static IP of 192.168.1.10, a gateway of 192.168.1.1 and you're off to the races.  Then after everything was up and running I would turn back on IPv6 on the router and see how things turned out, making any adjustments needed.

 

If the customer said YES they have a static IP then I would probably ask why.  Server Essentials is not designed to act as a server that provides services to the Internet.  If you are not providing services to the Internet then you do not need a static IP.

 

If the customer said "I want a static IP because I want to run a VPN server" or something of that nature, I would have them setup with no-ip.com and use a dynamic IP and get rid of the Comcast gateway and use a router or firewall that understood dynamic DNS and no-ip.com

 

In other words - there's hardly any situation where a SOHO office that would even consider using Server 2012 Essentials would have need to pay for a Comcast gateway.  A business is far better off with their OWN router or firewall and a "dumb" cable modem that is NOT being rented from Comcast.  The ONLY reason to justify paying rent on a Comcast gateway is if you must have a static IP address - and in those cases, you are pretty much forced into buying a static IP subnet and using your own router anyway for a variety of technical reasons.

 

And one of the biggest technical reasons I can think of is if your autodetection on Server 2012 Essentials is not playing well with the Comcast Cisco gateway.  If you cannot get it to properly work with IPv4 DHCP and IPv6 DHCP Stateful turned off on the Comcast Gateway, then you need to replace the gateway.

 

One last thing on naming of Window servers:

 

You MUST NOT name any Windows server with a .com name.  The ONLY acceptable name is one ending in .local

The reason for this is that .local is a special reserved DNS tld that is reserved for private networks.

A Windows Server 2012 Essentials when it is installed is installed on a private network.  It thus must have a private name.

 

Let me explain:

 

You have a domain name "gronkulators.com"

 

You want to install a Windows Server on your internal network named "wonkulating".  Its IP will be 192.168.1.5

 

You have a translating router plugged into your cable modem, with an outside IP of 34.34.34.35 and an inside IP of

192.168.1.1

 

You port forward WWW from the outside 34.34.34.35 to the inside 192.168.1.5

 

You install your Windows Server with the name "wonkulating.gronkulators.local"

 

In the INSIDE DNS you do the following:

 

wonkulating.gronkulators.local is assigned 192.168.1.5

 

 

In the OUTSIDE PUBLIC DNS you do the following:

 

wonkulating.gronkulators.com is assigned 34.34.34.35

 

 

If a host on the INSIDE tries to get to the server named "wonkulating" it is going to ALSO be using the reserved domain gronkulators.local so a simple query to "wonkulating" will be expanded to "wonkulating.gronkulators.local" and the IP returned will be 192.168.1.5

 

You DO NOT configure hosts on the INSIDE to EVER use the fully expanded name of wonkulating.gronkulators.com

Because, THIS NAME only has meaning for IP address 34.34.34.35 and you do NOT want hosts on the INSIDE sending traffic to the router just to have the router translate it and send it right back inside.

 

Whoever told you to use gronkulators.com as a domain name on the INSIDE server is an idiot.

 

ALSO, there is NO POSSIBLE WAY in the Windows universe to change the name of an active directory server UNLESS YOU REINSTALL IT.

 

Once you set the name of your Windows 2012 Server Essentials server when you install it, that name is branded not only into the server but into a dozen different internal databases because it is the master root directory server.  Microsoft has NEVER provided a utility that will root out all of those locations and rename the servername.

 

LASTLY - the word "domain" in the Windows universe DOES NOT MEAN the same thing as "domain" on the Internet.  Internet domains are like .com, .net, etc.    Microsoft domains are the old IBM Lanmanager "domains".  This terminology dates from the era when IBM actually believed that its Lanmanager (which was built on an obsolete protocol called NetBEUI) was some sort of a competitor to Unix TCPIP and IBM deliberately used the name "domain" to FUD people about TCPIP.

 

When Microsoft implemented LanManager for OS/2 1.x under contract to IBM, they used this terminology.  Then later when Microsoft came out with Windows NT they ripped off the Lanmanager protocol for it and kept the terminology because they wanted to replace OS/2 1.x servers with NT servers.  Then years later when the Internet became important, Microsoft tried replacing Windows domains with the name CIFS but that never took.

Problem solver

 • 

326 Messages

9 years ago

Believe it or not NetBEUI is still to this day used in industrial setups in particular for CNC machines.  Several I can think of are the Quintax 5 axis and the 2009 Haas VF3.  These are very expensive systems that use MS-DOS-based controllers and just because Microsoft does not like something anymore does not mean that people that own these systems are simply going to throw them away on Microsoft's whims.  Incidentally we likely aren't going to see that disappear anytime soon since the problem with moving that kind of controller software to Windows is that Windows allows preemption.  When a CNC machine is cutting a metal part and the blade is moving right along the machine cannot wait 500 milliseconds for Windows to service a network interrupt or something.  That is why they still use DOS  (likely the free OpenDOS these days) for these.  Lots of old timing-critical assembly-language software buried in there.

 

The usual procedure is to run Windows 7 32 bit and find an old Windows XP system install CD and load from  VALUEADD\MSFT\NET\NETBEUI  Or find a running XP system and copy Nbf.sys to the %SYSTEMROOT%\System32\Drivers directory and copy Netnbf.inf to the %SYSTEMROOT%\Inf hidden directory.  Then add NetBEUI to networking and in Control panel, Administrative tools, local security policy, local policies, security options you search for "Network security: LAN Manager authentication level" double click it, select from pulldown menu "send LM & NTLM responses"  Often you have to turn off UAC as well.

 

I have not yet seen anyone who got it to work in 64bit mode or under windows 8 or later so don't know about that one.  In my world the industrial customers I have, have the biggest problem with RS232.  PCs nowadays don't come with serial ports and there's only 1 serial port chipset out there (the Oxford) that I have found to work reliably under Windows 7 and it's always a crapshoot buying serial port cards since they may have that chip or they may have the MOSchip in them.  Ironically, the MOSChip (the other major serial chip) is the only one I have found that works reliably under Linux. Most cards use cheap Chinese clone knockoffs of either of those chips which adds to the fun.

Gold Problem solver

 • 

610 Messages

9 years ago

yeah I hear you on the RS232; it's essential to configure many higher-end/enterprise networking equipment. i seem to remember a vendor recently getting mad that companies were counterfeit reproducing their USB-to-Serial chips, and so released a driver update that would permanently kill any "non-genuine" ones. Can't remember which one....

 

EDIT it was FTDI http://hackaday.com/2014/10/22/watch-that-windows-update-ftdi-drivers-are-killing-fake-chips/

New problem solver

 • 

49 Messages

9 years ago

Thank you for the thorough help... i will have to re-read this a couple more times...but wanted to mention something.

Not that I doubt any of your advice, but just want to make sure I myself am clear. Here are 2 links why I wanted to change my internal domain from .local to .com.
http://www.mdmarra.com/2012/11/why-you-shouldnt-use-local-in-your.html?m=1

http://www.mdmarra.com/2013/04/best-practices-for-configuring-new.html?m=1

I do understand NOT to name it i.e. MYDOMAIN.com as it will conflict with the Internet domain I own (or rather lease).
I have been told by many that BEST PRACTICE "CURRENTLY" is NOT .local (due to cert signing no longer soon this year??) AND to use something like:
AD.MYDOMAIN.com (AD is obviously for Active Directory). Other suggestions were corp.mydomain.com, or internal.mydomain.com etc.

I am planning for the future also, so if my employees or me need to use a external service such as remoting in or vpn, we don't have to use a goofy name to get in and remember. I guess I'd rather have consistency in line with my Web domain name? Yes, I know the Web domain name is not the same as my local server active directory name. Your help is really awesome...but I will have to read it over to fully grasp it. ; )

Is it still wrong to do this, as I am not sure now?

I am at the point I can reinstall Essentials either way and will do so anyways for the autodetection you mention.

New problem solver

 • 

49 Messages

9 years ago

No hurry train_wreck!!!  I personally just appreciate ya'lls help here.  Best I have come across yet.  ; )

 

Yeah, moving is NO fun!

New problem solver

 • 

49 Messages

9 years ago

Ok, do NOT take any of this personal, but I may end up ranting to no end out of pure frustration and CONFUSION.  You and train_wreck have been awesome btw. ; )

 

I think what I am going to do is just turn off IPv4 on the router.  UNCHECK Stateful(Use Dhcp Server) as you suggest, leave Assign DNS manually UNCHECKED with NOTHING entered in either IPv4 or IPv6 router config.  Install Essentials, let it use .local as apparently now that has always been the standard, then it was decided it wasn't best practice, but now it is or always has been..I don't care... i have NO clue anymore about the d a m n .local crap.  I just don't want problems later as I GOT ONE SHOT with this domain name.  I guess using a third level prefix is not good either as I planned.  So for now, I'll settle with the dot d a m n local.  I have read about certificate signing and lost on that also.

 

HOPEFULLY Essentials will pick up that DHCP is OFF on the router (well...the problem stills stands, Ipv4 will probably be fine, but who knows with the IPv6, because I SURE DON'T).  So I'll have to see what happens with the IPv6 of the router and what Essentials does with it and the consequences of whatever comes from this autodetection and wizard setup.

 

If none of that works like it should, then I'll throw my own router into the mess and figure that system out and figure out bridging which I am not clear on either.  I'll get no-ip later AFTER I get over these hurdles of fire with my shorts doused in gasoline.

 

No wonder it's taken something like 20 years for IPv6 to catch on...it's PURE HORSESCHIT.  Only the few can make this mess out... the average human being such as me sees it as garbled mess... kind of like a computer seeing a MYDOMAIN.COM name and cannot do anything with it until it's converted to binary in order to process it.  I guess I need this all flipped around and all this BINARY mess converted to ENGLISH for me to process and understand. : /

 

Officially wore out on this.  : \