Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

...

The first thought that came to mind: since we're running several Linux servers already on IPv6-only, would it be possible to run a Windows server also exclusively on IPv6?

Last year my intern Joris Claassen has proved that it was possible to run a basic VMware VSphere cluster on IPv6 only, and that included a Windows box as well. So things look bright.

...

To manage the server, Remote Desktop Protocol (RDP) is used, which supports IPv6 without any configuration.

Windows Update

Unfortunately the Microsoft Update servers are also available only on IPv4 (sad).

Microsoft Update

According to Microsoft, Windows 8 will use IPv6, if available, to download Windows Updates. They will works with Content Delivery Networks (CDNs) to extend IPv6 support later. So at this time, for Windows Server 2008 R2, the update servers are accessible only through IPv4.

As a solution I I set-up a dual-stack limiting HTTP proxy server, and added a number of regular expressions to allow Windows updates to happen.

Details of the proxy and the Windows configuration process are described on a separate page.

expressions to allow Microsoft Updates to happen.

Details of the proxy and the Windows configuration process are described on a separate page.

As can be seen from the lists, several other URLs also need whitelisting, such as CRLs and OCSPs.

 

Windows Activation

Same story here. Activating Windows is done by several HTTP POSTs to URLs in the go.microsoft.com domain, which is not (yet) accessible through IPv6:

 

 

http://go.microsoft.com/fwlink/?LinkID=88342

Processor Certificate URL
http://go.microsoft.com/fwlink/?LinkID=88343Machine Certificate URL
http://go.microsoft.com/fwlink/?LinkID=88345Use License URL
http://go.microsoft.com/fwlink/?LinkID=88344Product Key Certificate URL

 

 

 

 

 

 

Since the proxy server was already in place, I just needed to add this domain to the proxy whitelist, and then the Windows activation succeeded.

 As can be seen from the lists, several other URLs also need whitelisting, such as CRLs and OCSPs.

Secunia CSI

This tool monitors installed software for vulnerabilities. We have the corporate version CSI 6. This is a service that registers itself at Secunia to download patch lists, upload results, etc.

...

Connecting to SQL Server on port 1433 does not do anythingyielded nothing, the handshake wasn't establisched, so that's a dead end for now.  Connecting Connecting to RDP on port 3389 however happens with a nice TLS 1.0 handshake (smile)

...