Steve-o's questions

A vanilla Workgroup install of Windows Server 2008R1 and following many of available guides:

http://technet.microsoft.com/en-us/library/dd983949(v=ws.10).aspx

1. Full Computer Name set to TSGSERVER.local, Workgroup WORKGROUP.
2. Add roles for Remote Desktop Services and the Remote Desktop Gateway.
3. Create self-signed certificate.
4. Complete install.
5. Export certificate via MMC from Local Computer/Personal/Certificates.
6. Import certificate via MMC to Local Computer/Trusted Root Certification Authorities.
7. Test with rpcping on command line:

    rpcping -v 3
            -e 3388
            -t ncacn_http
            -s localhost
            -o RpcProxy=TSGSERVER.local
            -P "Administrator,WORKGROUP,Password1"
            -H NTLM -u NTLM
            -a connect
            -F ssl
            -B msstd:TSGSERVER.local
            -E
            -R None

Parameters taken from http://technet.microsoft.com/en-us/library/cc772486(v=ws.10).aspx

And the RPC fails:

RPCPing v6.0. Copyright (C) Microsoft Corporation, 2002-2006
 Since you have specified the RPC/HTTP proxy echo only option (-E), the endpoint
/interface you have specified will be ignored as no calls will reach the RPC/HTT
P server
 RPCPing set Activity ID:  {0c934a78-201c-40a3-82e8-9700bd928be6}
 RPCPinging proxy server tsgserver.local with Echo Request Packet
 Setting autologon policy to high
 Sending ping to server
 Response from server received: 401
 Use Server Preffered Auth Scheme: 2
 Setting autologon policy to high
 Sending ping to server
 Response from server received: 401
 Client is not authorized to ping RPC proxy
 Ping failed

With the IIS log files being similarly informative:

#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Date: 2013-08-28 18:01:02
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2013-08-28 18:01:02 192.168.1.1 RPC_IN_DATA /Rpc/rpcproxy.dll - 443 - 192.168.1.1 MSRPC 401 2 5 514
2013-08-28 18:01:02 192.168.1.1 RPC_IN_DATA /Rpc/rpcproxy.dll - 443 - 192.168.1.1 MSRPC 401 2 5 0

What steps am I missing?

Without installing as a CA one naturally gets a certificate error:

RPCPing v6.0. Copyright (C) Microsoft Corporation, 2002-2006
 Since you have specified the RPC/HTTP proxy echo only option (-E), the endpoint
/interface you have specified will be ignored as no calls will reach the RPC/HTT
P server
 RPCPing set Activity ID:  {b8fc4006-a3e8-4b9f-aa18-e1b951c7fe9a}
 RPCPinging proxy server TSGSERVER.local with Echo Request Packet
 Setting autologon policy to high
 Sending ping to server
 Error 12175 : A security error occurred
 returned in WinHttpSendRequest
 Ping failed

This is documented in KB 831051:

The PRC Ping Utility test may have failed because the certificate is not trusted or because it does not trust the certificate and root authority. The server certificate subject from the RPC Proxy server does not match the one that is specified by -B.

Setting up IPv6 on Linux is pretty trivial, you can follow IPv4 guidelines and give yourself a static IPv6 address.

On Solaris things are not so rosy, IPv6 only works after running in.ripng. After running this you get IPv6 address auto-configuration on the local LAN segment. So whilst I have configured Solaris for one static IPv6 address I ultimately end up with three, the link-local scope, the static global-scope and a auto-configured global-scope:

lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000 
eri0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 10.6.28.36 netmask ffffff00 broadcast 10.6.28.255
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
        inet6 ::1/128 
eri0: flags=2100841<UP,RUNNING,MULTICAST,ROUTER,IPv6> mtu 1500 index 2
        inet6 fe80::203:baff:fe4e:6cc8/10 
eri0:1: flags=2100841<UP,RUNNING,MULTICAST,ROUTER,IPv6> mtu 1500 index 2
        inet6 2002:dce8:d28e::36/64 
eri0:2: flags=2180841<UP,RUNNING,MULTICAST,ADDRCONF,ROUTER,IPv6> mtu 1500 index 2
        inet6 2002:dce8:d28e:0:203:baff:fe4e:6cc8/64 

eri0:1 is the static address I have trivially chosen to match the IPv4 host, eri0:2 shows the auto-configured address re-using the numbers from the link-local interface.

in.ripng is configured with /etc/inet/ndpd.conf:

ifdefault AdvSendAdvertisements true
prefixdefault AdvOnLinkFlag on AdvAutonomousFlag on

if eri0 AdvSendAdvertisements 1
prefix 2002:dce8:d28e::/64 eri0

So the auto-configuration extends to all other hosts on the LAN segment so a Linux server with previously only the one global-scope address now yields two:

eth0      Link encap:Ethernet  HWaddr 00:14:5e:bd:6d:da  
          inet addr:10.6.28.31  Bcast:10.6.28.255  Mask:255.255.255.0
          inet6 addr: 2002:dce8:d28e:0:214:5eff:febd:6dda/64 Scope:Global
          inet6 addr: fe80::214:5eff:febd:6dda/64 Scope:Link
          inet6 addr: 2002:dce8:d28e::31/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

Are these sane configurations?

It seems unrealistic to have Internet facing servers that take addresses from their MAC address.

From a development perspective for a networking stack I would like to bind to eth0 with IPv6 and whilst it is simple to ignore the link-local scope interface how I can I select between the two global-scope addresses?

It's difficult to apply RFC 3484 sorting rules as both have the same scope and prefix length.

edit: side note for Solaris admins, after reviewing the system configuration I actually now can get static addressing to work correctly without auto-configuration.