Win2k8R2 Obtaining DHCPv6 address, but has static configuration

Question

I have a Windows 2008R2 server on a dual-stack network.

IPv4 is working fine (statically assigned) but the IPv6 stack is misbehaving; I have configured it with a static IPv6 address (::bbbb:150 below) but it is also obtaining a lease from my DHCPv6 server (::babe:e3a0 below).

It used to ALSO configure itself with an autoconf address until I disabled RA discovery.

This causes problems with external firewalls since the DNS name resolves to multiple addresses, the firewall rules get all mixed up because it can only create a rule for one of those addresses, which may or may not be where the traffic is to/from!

How can I prevent the NIC from getting a IPv6 DHCP lease?

Note: IPv6 is working on this host, just with twice as many addresses as it should have! I have another Win2k8R2 server that does NOT exhibit this behaviour; it has only static addresses (v4 and v6).

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SVR-APP-WIN1
   Primary Dns Suffix  . . . . . . . : xxxxxx.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : xxxxxx.local
                                       ftg.mycompany.com.au

Ethernet adapter IDMZ Team:

   Connection-specific DNS Suffix  . : ftg.mycompany.com.au
   Description . . . . . . . . . . . : IDMZ Team
   Physical Address. . . . . . . . . : 2C-76-8A-A9-66-10
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:44b8:4126:xxxx::babe:e3a0(Preferred)
   Lease Obtained. . . . . . . . . . : Friday, 16 March 2012 12:39:49 PM
   Lease Expires . . . . . . . . . . : Wednesday, 18 April 2012 9:40:03 AM
   IPv6 Address. . . . . . . . . . . : 2001:44b8:4126:xxxx::bbbb:150(Preferred)
   Link-local IPv6 Address . . . . . : fe80::99fb:d357:65fb:219e%16(Preferred)
   IPv4 Address. . . . . . . . . . . : 172.31.0.150(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.128
   Default Gateway . . . . . . . . . : 2001:44b8:4126:xxxx::f0
                                       172.31.0.254
   DHCPv6 IAID . . . . . . . . . . . : 388789898
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-3A-4A-A0-2C-76-8A-A9-66-11
   DNS Servers . . . . . . . . . . . : 2001:44b8:4126:xxxx::f1
                                       2001:44b8:4126:xxxx::f2
                                       172.31.0.254
                                       172.31.1.11
   NetBIOS over Tcpip. . . . . . . . : Enabled
   Connection-specific DNS Suffix Search List :
                                       ftg.mycompany.com.au
                                       xxxxxx.local

Tunnel adapter isatap.{374F349C-612A-4FCF-A06D-F14D0BA1E616}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : ftg.mycompany.com.au
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Answer 1

Running netsh and disabling a few options will do the trick in this instance.

# This is what I did last week to stop the AutoConf address being added
netsh interface ipv6 set interface "IDMZ Team" routerdiscovery=disabled

# This stops the interface from obtaining DHCPv6 lease
netsh interface ipv6 set interface "IDMZ Team" managedaddress=disabled
netsh interface ipv6 set interface "IDMZ Team" otherstateful=disabled