Announcement

Collapse
No announcement yet.

EventID 2886

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • EventID 2886

    I keep receiving this message every now and then, However I have followed the steps and in the default GPO have set both server and client to sign.

    I have confirmed this on all machines and its enabled so why do I keep receiving these?

    Code:
     
    The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate, Kerberos, NTLM, or Digest) LDAP binds that do not request signing (integrity verification) and LDAP simple binds that are performed on a cleartext (non-SSL/TLS-encrypted) connection. Even if no clients are using such binds, configuring the server to reject them will improve the security of this server. 
    
    Some clients may currently be relying on unsigned SASL binds or LDAP simple binds over a non-SSL/TLS connection, and will stop working if this configuration change is made. To assist in identifying these clients, if such binds occur this directory server will log a summary event once every 24 hours indicating how many such binds occurred. You are encouraged to configure those clients to not use such binds. Once no such events are observed for an extended period, it is recommended that you configure the server to reject such binds. 
    
    For more details and information on how to make this configuration change to the server, please see http://go.microsoft.com/fwlink/?LinkID=87923. 
    
    You can enable additional logging to log an event each time a client makes such a bind, including information on which client made the bind. To do so, please raise the setting for the "LDAP Interface Events" event logging category to level 2 or higher.

  • #2
    Re: EventID 2886

    Hey flux, check this out and see if it helps.

    http://social.technet.microsoft.com/...c-0723fea55fd2

    Regards
    Kevin

    Comment


    • #3
      Re: EventID 2886

      Originally posted by kevinguerreiro View Post
      Hey flux, check this out and see if it helps.

      http://social.technet.microsoft.com/...c-0723fea55fd2

      Regards
      Kevin
      This looks like an interesting read, Dont think I will bother with certs as I can see that being a long term problem.

      Will give the blog and related blog links a read tomorrow.

      Thanks Kevin!

      Comment

      Working...
      X