Enthusiast

ldaps

I read an article. Microsoft will release an update. I could not fully understand whether I should make a change to my system. I use vCenter 6.5 U2, so what should I do to the system after the Microsoft update, or should I do any vCenter upgrade? Can you help with this?

VMware vSphere & Microsoft LDAP Channel Binding & Signing (ADV190023) - VMware vSphere Blog

https://support.microsoft.com/en-us/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirem...

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023

0 Kudos
4 Replies
Expert

Because your AD is not connected via LDAP, you have nothing to do.

0 Kudos
User Moderator

Hi,

If LDAP connections are present through port 389, you need to modify them with port 636.

This problem has an impact on any device (Microsoft servers, multifunction printers, vCenter, etc.) that queries LDAP or LDAPS using port 389.

ARomeo

Blog: https://www.aleadmin.it/
0 Kudos
Enthusiast

What am I supposed to change? Should I not do anything right now? Or what am I supposed to do, and where do I change it? I can share other information about the infrastructure so it can be checked. I am currently logging into vCenter with the AD user.

0 Kudos
User Moderator

Don't change anything now, as Microsoft releases updates every second Tuesday of the current month. So there is time.

If you log into vCenter with an Active Directory user, that is because vCenter runs an AD query and allows you to log in. What you need to check is the way and the port by which vCenter has been linked to the AD domain.

Microsoft is currently looking for temporary solutions, or some workarounds to bypass the problem. We are waiting for news.

As written by Microsoft, in March it will be implemented but not activated; subsequently, in the months to come (not yet decided), there will be other updates that will activate the change.

Recommended Actions

Windows Updates in March 2020 add new audit events, additional logging, and a remapping of Group Policy values that will enable hardening LDAP Channel Binding and LDAP Signing. The March 2020 updates do not make changes to LDAP signing or channel binding policies or their registry equivalent on new or existing domain controllers.

A further future monthly update, anticipated for release the second half of calendar year 2020, will enable LDAP signing and channel binding on domain controllers configured with default values for those settings.

ARomeo

Blog: https://www.aleadmin.it/
0 Kudos
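An added example, not part of the thread: one way to see from the domain controller side which clients (vCenter, printers, other servers) still make unsigned or clear-text LDAP binds, before signing and channel binding are enforced. It assumes an elevated PowerShell session on a domain controller and relies on Directory Service event ID 2889 and the `16 LDAP Interface Events` diagnostic setting, neither of which is named in the posts above.

```powershell
# Added example: summarize clients that performed unsigned SASL binds or
# simple binds over clear text against this domain controller.
# Assumption: run elevated on a DC; event 2889 is only written when
# LDAP interface diagnostic logging is set to 2 or higher.
$diagKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'
$diagName = '16 LDAP Interface Events'
$level = (Get-ItemProperty -Path $diagKey -Name $diagName -ErrorAction SilentlyContinue).$diagName
if ($null -eq $level -or $level -lt 2) {
    Write-Warning "'$diagName' is '$level'; set it to 2 so that per-client 2889 events are logged."
}

$hours  = 24   # look-back window, adjust as needed
$filter = @{
    LogName   = 'Directory Service'
    Id        = 2889
    StartTime = (Get-Date).AddHours(-$hours)
}
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$binds = foreach ($e in $events) {
    # Event data order: client "IP:port", identity used for the bind, bind type.
    $client = [string]$e.Properties[0].Value
    $idx    = $client.LastIndexOf(':')
    [pscustomobject]@{
        ClientIP = if ($idx -gt 0) { $client.Substring(0, $idx) } else { $client }
        Identity = $e.Properties[1].Value
        BindType = $e.Properties[2].Value   # raw value; the event message explains it
        Time     = $e.TimeCreated
    }
}

if (-not $binds) {
    Write-Output "No 2889 events in the last $hours hours."
} else {
    # One row per client/identity/bind type, busiest first.
    $binds | Group-Object ClientIP, Identity, BindType |
        Sort-Object Count -Descending |
        Select-Object Count,
            @{ n = 'ClientIP'; e = { $_.Group[0].ClientIP } },
            @{ n = 'Identity'; e = { $_.Group[0].Identity } },
            @{ n = 'BindType'; e = { $_.Group[0].BindType } },
            @{ n = 'LastSeen'; e = { ($_.Group | Measure-Object Time -Maximum).Maximum } } |
        Format-Table -AutoSize
}
```

If the vCenter server's address appears in the output, its identity source is one of the connections that needs attention; if it does not appear over a representative period, it is not binding to this domain controller in the affected way.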