2 Replies Latest reply on Feb 3, 2020 12:41 AM by vXav

    LDAP Channel binding failed login

    vXav Hot Shot
    vExpert

      I am doing a bunch of tests in a lab environment where I could confirm the behavior of vCenter, Horizon and App Volumes with regards to the Microsoft March update.

      All 3 are OK with LDAP signing when configured as LDAPS.

      However, App Volumes is not OK with Channel Binding when LdapEnforceChannelBinding is set to 2 (OK if set to 1).

      In the logs I get an LDAP 49 error (failed login) even though the creds are correct.

      The server is patched Windows Update-wise.

      I get a 1216 in the Directory Service diagnostic event log on the DC.

      appvolumes-ldap-bind.jpg

      3 questions:

      • Will the Microsoft update set LdapEnforceChannelBinding to 1 or 2?
      • Is App Volumes just not compatible with channel binding tokens?
      • Am I missing something?