Issue
A query to UDP port 389, run locally on a domain controller or remotely against it, fails with "LDAP query to port 389 failed Server did not respond to LDAP query".
One or more IPv6 components were disabled.
On the domain controller used in this example, the following command was used to disable IPv6:
The following commands will also cause this failure:
The following spreadsheet shows a breakdown of how the DisabledComponents registry value affects 389/udp.
Resolution
Use any or all of the following commands to re-enable IPv6.
NOTE: A reboot of the system is required when disabling or enabling IPv6 components.
Result
After re-enabling IPv6, querying 389/UDP completes successfully.
Conclusion
An environment that uses IPv4 and wishes to reduce complexity by removing IPv6 may be surprised to find that it's not so easily removed. Microsoft's article, How to disable IP version 6 or its specific components in Windows, explains that the DisabledComponents registry key method is the correct way to disable IPv6. This article also states, "We do not recommend disabling IPv6. However, if you must disable IPv6 or components of IPv6, follow the steps in this article." Unfortunately, disabling IPv6 causes this known failure and may cause other unknown failures.
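To check a domain controller for the condition described above, the DisabledComponents value can be read and decoded. This is an added example, not code from the original post; the registry path and bit meanings are taken from Microsoft's documentation of this value, the function names are hypothetical, and it does not say which values break 389/udp.

```powershell
# Added example (not from the original post): read-only audit of DisabledComponents.
# Bit meanings follow Microsoft's documentation for this registry value.
$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
$BitMap = @(
    @{ Mask = 0x01; Meaning = 'All IPv6 tunnel interfaces disabled' }
    @{ Mask = 0x02; Meaning = '6to4 disabled' }
    @{ Mask = 0x04; Meaning = 'ISATAP disabled' }
    @{ Mask = 0x08; Meaning = 'Teredo disabled' }
    @{ Mask = 0x10; Meaning = 'IPv6 disabled on non-tunnel interfaces (LAN, PPP)' }
    @{ Mask = 0x20; Meaning = 'IPv4 preferred over IPv6 (nothing disabled)' }
)

function ConvertFrom-DisabledComponents {
    param([Parameter(Mandatory = $true)][long]$Value)
    # A DWORD of 0xFFFFFFFF is read back as Int32 -1; normalise to 32 unsigned bits.
    $v = $Value -band [long][uint32]::MaxValue
    $flags = @(foreach ($b in $BitMap) { if ($v -band $b.Mask) { $b.Meaning } })
    # Bits above 0x20 are reported but not decoded here.
    $other = $v -band (-bnot [long]0x3F)
    [pscustomobject]@{
        Value              = '0x{0:X}' -f $v
        Flags              = $flags
        OtherBits          = '0x{0:X}' -f $other
        # True when any bit other than the IPv4-preference bit is set.
        ComponentsDisabled = [bool]($v -band (-bnot [long]0x20))
    }
}

function Get-DisabledComponentsReport {
    # A missing value means the default of 0: every IPv6 component enabled.
    $prop = Get-ItemProperty -Path $KeyPath -Name DisabledComponents -ErrorAction SilentlyContinue
    $raw = if ($null -eq $prop) { 0 } else { $prop.DisabledComponents }
    ConvertFrom-DisabledComponents -Value $raw
}

# Constructed sample values, decoded without touching the registry.
foreach ($sample in 0, 0x20, 0x11, 0xFF, -1) {
    ConvertFrom-DisabledComponents -Value $sample | Format-List
}

# On a domain controller: report the live value.
# Get-DisabledComponentsReport
```

Because a reboot is required for changes to take effect, the value read from the registry may not match the running state if it was edited since the last boot.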
Thank you for your post and info on this! It helped us out on our AD sync issues!
You're welcome. I'm glad it helped.
Just wanted to say thanks for posting this!
You're welcome.
Thanks...this helped with our Domain Trust issues
You're welcome. I'm glad you found it helpful.