none
EPM handling of IPv6 based mapping request/response RRS feed

  • Question

  • I am looking at packet captures of DCERPC based traffic in the following environment:

    Client

        Windows 7 32-bit with both IPv4 and IPv6 addressing enabled

    Server

         Windows Server 2008 64-bit with both IPv4 and IPv6 addressing enabled

         Exchange Server 2010

    What I have done is run wireshark and filter based on dcerpc traffic while oulook is started and connnects to the exhange server. Here is the resulting map response from the server. Note that both the client and server are using IPv6 to communicate:

    The IP address in floor 5 is supposed to be the IP address of the server that is running the requested service. However note that it is set to 0.0.0.0. I repeated the same capture after disabling IPv6 on the client co that IPv4 would be used and the IP was filled out correctly as the servers IPv4 address. This seems very strange to me since it implies that EPM mapping requests do not support IPv6. For example, if the requested service was mapped on a different host the server will not fill out the IP address in floor 5 correctly and therefore the RPC would fail. In my particular case it looks like the client is defaulting to the IPv6 address of the server in the case where the returned IP is 0.0.0.0 since communication between outlook and the exchange server still works correctly.

    I can't find any documentation/specifications related to IPv6 based EPM requests. I suspect what is happening is the floor 5 field in the EPM map response packet can not hold an IPv6 address and so it does not fill it in. If anyone has any insights to share that would be greatly appreciated. 

    Thursday, August 30, 2012 5:44 PM