Fully Disable IPv6 DHCP on Windows Server

I’ve been playing with IPv6 around the lab recently, doing a bit of OCD IPv4 style subnetting except with, ya know, stupidly long addresses.

Off I’d went to the GUI to configure static addressing as one would with IPv4 (hey, look, concealing internal addressing is finally relevant!) In this example I’m running Windows Server 2016.

VMware Tools, however, was still reporting multiple IPv6 addresses in vCenter.

Launching Powershell as administrator and running the following confirmed this-

Get-NetIpAddress -AddressFamily IPv6

The answer lies in this screenshot. This server was still getting an IP address via router advertisement. To fully disable DHCP and RA addressing for an interface, run the following from Powershell as an administrator (interface index can be found in the first screenshot)-

Remove-NetIpAddress -AddressFamily IPv6 -PrefixOrigin Dhcp

Set-NetIpInterface -InterfaceIndex 4 -RouterDiscovery ControlledByDHCP

Set-NetIpInterface -InterfaceIndex 4 -Dhcp Disabled -PolicyStore PersistentStore

Set-NetIpInterface -InterfaceIndex 4 -RouterDiscovery Disabled -PolicyStore PersistentStore

The server may still have dynamic IPv6 addresses, not counting link local addresses, which cannot easily be removed while IPv6 is enabled. This is because changes were saved to the persistent store but not applied to the active store. This can be resolved by running the last two commands as required but with -PolicyStore ActiveStore instead; or by simply rebooting the OS.

Leave a Reply

Your email address will not be published. Required fields are marked *