4 Replies Latest reply on Feb 12, 2020 7:10 AM by AlessandroRomeo68

    ldaps

    ferexderta Enthusiast

      I read an article. Microsoft will release an update. I could not fully understand if I should make a change to my system. I use 6.5 U2 vCenter, so what should I do to the system after the Microsoft update, or should I do any vCenter upgrade? Can you help with this?

       

       

      VMware vSphere & Microsoft LDAP Channel Binding & Signing (ADV190023) - VMware vSphere Blog

       

      https://support.microsoft.com/en-us/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows

      https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023

        • 1. Re: ldaps
          bewe Expert

          Because your AD is not connected via LDAP, you have nothing to do.

          • 2. Re: ldaps
            AlessandroRomeo68 Master
            User Moderators

            Hi,

             

            If LDAP connections are present through port 389, you need to modify them with port 636.

            This problem has an impact on any device (Microsoft servers, multifunction printers, vCenter, etc.) that queries LDAP or LDAPS using port 389.

             

            ARomeo

            • 3. Re: ldaps
              ferexderta Enthusiast

              What am I supposed to change? Would I not do anything right now? Or what am I supposed to do and where do I change it? I can share other information about the infrastructure to be able to control. I am currently logging into vCenter with the AD user.

              • 4. Re: ldaps
                AlessandroRomeo68 Master
                User Moderators

                Now don't change anything, as Microsoft releases updates every second Tuesday of the current month. So there is time.

                If you log into vCenter with an Active Directory user, it is because vCenter runs an AD query and allows you to log in. What you need to check is the way and the port in which vCenter has been linked to the AD domain.

                Microsoft is currently looking for temporary solutions, or some workarounds to bypass the problem. We are waiting for news.

                 

                As written by Microsoft, in March it will be implemented but not activated; subsequently, in the months to come (not yet decided), there will be other updates that will activate the change.

                 

                Recommended Actions

                 

                Windows Updates in March 2020 add new audit events, additional logging, and a remapping of Group Policy values that will enable hardening LDAP Channel Binding and LDAP Signing. The March 2020 updates do not make changes to LDAP signing or channel binding policies or their registry equivalent on new or existing domain controllers.

                 

                A further future monthly update, anticipated for release the second half of calendar year 2020, will enable LDAP signing and channel binding on domain controllers configured with default values for those settings.

                 

                 

                ARomeo
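An added example, not part of the thread: one way to find out which clients (vCenter, printers, other servers) still bind to the domain controllers without signing or over cleartext, before the enforcing update arrives. It assumes the message text of Directory Service event 2889 has been exported from the domain controllers; the event ID, the message layout in the regular expression, and all sample addresses and accounts are assumptions or constructed data, not taken from the posts above.

```python
import re
from collections import Counter

# Meaning of the "Binding Type" field in event 2889.
BIND_TYPES = {"0": "SASL bind without signing", "1": "simple bind over cleartext"}

# Assumed layout of the exported 2889 message text (label, then value).
EVENT_2889 = re.compile(
    r"Client IP address:\s*(?P<ip>\S+?):(?P<port>\d+)\s+"
    r"Identity the client attempted to authenticate as:\s*(?P<who>.+?)\s+"
    r"Binding Type:\s*(?P<bind>\d+)",
    re.S,
)


def insecure_ldap_clients(messages):
    """Count insecure binds per (client IP, identity, bind kind)."""
    counts = Counter()
    for msg in messages:
        m = EVENT_2889.search(msg)
        if m is None:
            continue  # some other event, or a layout this pattern does not cover
        kind = BIND_TYPES.get(m["bind"], "unknown bind type " + m["bind"])
        counts[(m["ip"], m["who"], kind)] += 1
    return counts


# Constructed sample data: addresses and account names are made up.
_HEAD = ("The following client performed a SASL (Negotiate/Kerberos/NTLM/Digest) "
         "LDAP bind without requesting signing (integrity verification), or "
         "performed a simple bind over a clear text (non-SSL/TLS-encrypted) "
         "LDAP connection.\n\n")
_BODY = ("Client IP address:\n{ip}\nIdentity the client attempted to "
         "authenticate as:\n{who}\nBinding Type:\n{bind}\n")
SAMPLE = [
    _HEAD + _BODY.format(ip="10.0.0.21:51544", who="EXAMPLE\\svc-vcenter", bind=1),
    _HEAD + _BODY.format(ip="10.0.0.21:51790", who="EXAMPLE\\svc-vcenter", bind=1),
    _HEAD + _BODY.format(ip="[fd00::35]:49812", who="EXAMPLE\\printer01", bind=0),
    "Internal event: The LDAP server returned an error.",  # unrelated entry
]

if __name__ == "__main__":
    for (ip, who, kind), n in insecure_ldap_clients(SAMPLE).most_common():
        print(f"{n:3d}  {ip:<16} {who:<22} {kind}")
```

Each row in the output is a client and account whose LDAP configuration needs attention; an empty result over a representative logging period means no client was seen binding insecurely.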