VMware Cloud Community
ferexderta
Enthusiast

ldaps

I read an article. Microsoft will release an update. I could not fully understand if I should make a change to my system. I use 6.5 U2 vCenter, so what should I do to the system after the Microsoft update, or should I do any vCenter upgrade? Can you help with this?

VMware vSphere & Microsoft LDAP Channel Binding & Signing (ADV190023) - VMware vSphere Blog

https://support.microsoft.com/en-us/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirem...

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023

4 Replies
berndweyand
Expert

Because your AD is not connected via LDAP, you have nothing to do.

Alex_Romeo
Leadership

Hi,

If LDAP connections are present through port 389, you need to modify them with port 636.

This problem has an impact on any device (Microsoft servers, multifunction printers, vCenter, etc.) that queries LDAP or LDAPS using port 389.

ARomeo

Blog: https://www.aleadmin.it/
ferexderta
Enthusiast

What am I supposed to change? Should I not do anything right now? Or what am I supposed to do, and where do I change it? I can share other information about the infrastructure so that it can be checked. I am currently logging into vCenter with the AD user.

Alex_Romeo
Leadership

Don't change anything now, as Microsoft releases updates every second Tuesday of the current month. So there is time.

If you log into vCenter with an Active Directory user, it is because vCenter runs an AD query and allows you to log in. What you need to check is the way and the port in which vCenter has been linked to the AD domain.

Microsoft is currently looking for temporary solutions, or some workarounds to bypass the problem. We are waiting for news.

As written by Microsoft, in March it will be implemented but not activated; subsequently, in the months to come (not yet decided), there will be other updates that will activate the change.

Recommended Actions

Windows Updates in March 2020 add new audit events, additional logging, and a remapping of Group Policy values that will enable hardening LDAP Channel Binding and LDAP Signing. The March 2020 updates do not make changes to LDAP signing or channel binding policies or their registry equivalent on new or existing domain controllers.

A further future monthly update, anticipated for release the second half of calendar year 2020, will enable LDAP signing and channel binding on domain controllers configured with default values for those settings.

ARomeo

Blog: https://www.aleadmin.it/
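Added example, not part of any post in this thread: one way to see which systems the change would affect is to export the Directory Service event 2889 messages from a domain controller and group them by client address; if vCenter's address appears, it is still binding unsigned or in cleartext. The sample messages, addresses and account names below are constructed, and the field layout is modelled on that event's message text.

```python
import re
from collections import defaultdict

# Binding Type values as documented for Directory Service event 2889.
# (The DC only logs 2889 once LDAP interface diagnostic logging is raised.)
BIND_TYPES = {"0": "unsigned SASL bind", "1": "simple bind over cleartext"}

# Field labels modelled on the event 2889 message (assumption: exported as text).
FIELDS = re.compile(
    r"Client IP address:\s*(?P<ip>\S+):(?P<port>\d+)\s+"
    r"Identity the client attempted to authenticate as:\s*(?P<identity>.+?)\s+"
    r"Binding Type:\s*(?P<btype>\d+)",
    re.S,
)

def insecure_bind_clients(event_messages):
    """Return {client_ip: {(identity, bind_kind): count}} for parsed messages."""
    clients = defaultdict(lambda: defaultdict(int))
    for msg in event_messages:
        m = FIELDS.search(msg)
        if not m:
            continue  # not a 2889 message, or an unexpected layout
        kind = BIND_TYPES.get(m["btype"], "unknown bind type " + m["btype"])
        # The source port changes per connection, so group on the address only.
        clients[m["ip"]][(m["identity"], kind)] += 1
    return {ip: dict(binds) for ip, binds in clients.items()}

# Constructed sample messages; addresses and account names are made up.
SAMPLE_EVENTS = [
    "Client IP address:\n10.0.0.21:51544\n"
    "Identity the client attempted to authenticate as:\nCORP\\svc-vcenter\n"
    "Binding Type:\n1",
    "Client IP address:\n10.0.0.21:51602\n"
    "Identity the client attempted to authenticate as:\nCORP\\svc-vcenter\n"
    "Binding Type:\n1",
    "Client IP address:\n10.0.0.40:49822\n"
    "Identity the client attempted to authenticate as:\nCORP\\printer01\n"
    "Binding Type:\n0",
    "Unrelated directory service message",
]

if __name__ == "__main__":
    for ip, binds in insecure_bind_clients(SAMPLE_EVENTS).items():
        for (identity, kind), count in binds.items():
            print(f"{ip}  {identity}  {kind}  x{count}")
```
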