16 Replies, latest reply on Jan 14, 2020 2:40 AM by schindlerdvi

    vCenter LDAP binding and signing

    LucFullenwarth Novice

      According to Microsoft, LDAP binding and signing will automatically be enforced in January 2020.

       

      https://support.microsoft.com/en-ca/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows

       

      I have enabled LDAP logging on domain controllers.

       

      Set-ItemProperty hklm:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics -Name '16 LDAP Interface Events' -Value 2

       

      It appears that the vCenter is coming out in the "Directory Service" log with a lot of 2889 events:

       

      The following client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification),
      or performed a simple bind over a clear text (non-SSL/TLS-encrypted) LDAP connection.

       

      Does anyone know how to make the vCenter (vSphere 6.7U3) use LDAP binding (No anonymous or Simple but SASL authentication) and signing?
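
      Added example, not part of the original post: one way to turn the 2889 events described above into a per-client summary, so each source of unsigned or clear-text binds (the vCenter among them) shows up with its account and bind type. The function name is hypothetical, and the script assumes the usual 2889 data layout (client IP:port, identity, binding type, where 0 is an unsigned SASL bind and 1 is a simple bind without TLS).

```powershell
# Added example. Function name is hypothetical; run elevated on a domain
# controller (or pass -ComputerName) once LDAP interface logging is at level 2.
function Get-InsecureLdapBindSummary {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [int]$Hours = 24
    )

    $filter = @{
        LogName   = 'Directory Service'
        Id        = 2889
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    # Get-WinEvent raises an error when nothing matches; treat that as "no events".
    $events = @(Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue)
    if ($events.Count -eq 0) { return }

    $rows = foreach ($e in $events) {
        # Event 2889 data fields: [0] client "IP:port", [1] identity, [2] binding type.
        $client = [string]$e.Properties[0].Value
        $cut    = $client.LastIndexOf(':')
        $ip     = if ($cut -gt 0) { $client.Substring(0, $cut) } else { $client }
        $bind   = switch ([string]$e.Properties[2].Value) {
            '0'     { 'SASL bind without signing' }
            '1'     { 'Simple bind without TLS' }
            default { "Unknown ($_)" }
        }
        [pscustomobject]@{
            ClientIP = $ip
            Identity = [string]$e.Properties[1].Value
            BindType = $bind
            Time     = $e.TimeCreated
        }
    }

    # One line per client/account/bind type, busiest first.
    $rows | Group-Object ClientIP, Identity, BindType | ForEach-Object {
        [pscustomobject]@{
            ClientIP = $_.Group[0].ClientIP
            Identity = $_.Group[0].Identity
            BindType = $_.Group[0].BindType
            Count    = $_.Count
            LastSeen = ($_.Group | Measure-Object -Property Time -Maximum).Maximum
        }
    } | Sort-Object Count -Descending
}

Get-InsecureLdapBindSummary -Hours 24 | Format-Table -AutoSize
```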
