Share via

Conditional access - Geoblocking - blocks sign-in by IPv6 address while IPv6 is disabled

Admin Huy Than 0 Reputation points
2024-06-21T20:20:54.6733333+00:00

Hi everyone,

We have Conditional Access policy in place to block Office365 sign in from foreign countries and unknown locations (determined by IPv4 and IPv6 in Conditional Access\Named Locations)

This policy has been working fine in the past 3 years. However, recently, we tried to sign in from a server hosted in Azure. The sign in was blocked because of an IPv6 in private, internal range (similar to 192.168.1.0/24 of IPv4).

We checked and confirmed that the IPv6 is disabled on this server.

We wonder why the sign in is blocked by IPv6 while it's disabled in all network adapters.

Below is the sign-in log:

Error Code: 53003 Request Id: ce78d1b7-6923-4a3a-b2af-147XXXXXXXX

Correlation Id: fe188eec-966e-4955-acb5-ab727XXXXXX

Timestamp: 2024-06-07T23:12:35.622Z

App name: OfficeHome App id: 4765445b-32c6-49b0-83e6-1d93765XXXX

IP address: fde4:8dba:2500:a033:6e25:100:a67:10e

Device identifier: 0bfe5a63-6cb2-4e01-b7af-334ee1XXXXX

Device platform: Windows 10 Device state: DomainJoined

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,101 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Akhilesh Vallamkonda 10,080 Reputation points Microsoft Vendor
    2024-06-24T13:27:41.45+00:00

    Hi @Admin Huy Than

    Thank you for reaching out!

    Even though IPv6 is disabled on the network adapter it might the server is still sending IPv6 traffic his can happen if IPv6 is still enabled in the Windows registry.

    Could you please check if IPv6 is enabled in the Windows registry by following steps.

    Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\

    Name: DisabledComponents

    Type: REG_DWORD

    Min Value: 0x00 (default value)

    Max Value: 0xFF (IPv6 disabled)

    Once you have made this change, restart the server and try signing in again to see if the issue is resolved.
    Reference: https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-ipv6-in-windows#use-registry-key-to-configure-ipv6

    Hope this helps. Do let us know if you any further queries.

    Thanks,

    Akhilesh.

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.