I have this warning in my events, Ive read a little on LDAP if I were to enable this how would it effect my windows xp clients? I will have windows 7 Clients also. What the best way to set this up for a single server 2008 r2 DC and a server 2003 file server? And will it have any effect on any of my applications that have users connecting to the server.
Code:
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 6/24/2010 3:58:31 PM
Event ID: 2886
Task Category: LDAP Interface
Level: Warning
Keywords: Classic
User: ANONYMOUS LOGON
Computer: PER510.CCI.WORK
Description:
The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate, Kerberos, NTLM, or Digest) LDAP binds that do not request signing (integrity verification) and LDAP simple binds that are performed on a cleartext (non-SSL/TLS-encrypted) connection. Even if no clients are using such binds, configuring the server to reject them will improve the security of this server.
Some clients may currently be relying on unsigned SASL binds or LDAP simple binds over a non-SSL/TLS connection, and will stop working if this configuration change is made. To assist in identifying these clients, if such binds occur this directory server will log a summary event once every 24 hours indicating how many such binds occurred. You are encouraged to configure those clients to not use such binds. Once no such events are observed for an extended period, it is recommended that you configure the server to reject such binds.
For more details and information on how to make this configuration change to the server, please see [URL]http://go.microsoft.com/fwlink/?LinkID=87923[/URL].
You can enable additional logging to log an event each time a client makes such a bind, including information on which client made the bind. To do so, please raise the setting for the "LDAP Interface Events" event logging category to level 2 or higher.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS General" />
<EventID Qualifiers="32768">2886</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>16</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2010-06-24T19:58:31.533700200Z" />
<EventRecordID>3056</EventRecordID>
<Correlation />
<Execution ProcessID="604" ThreadID="852" />
<Channel>Directory Service</Channel>
<Computer>PER510.CCI.WORK</Computer>
<Security UserID="S-1-5-7" />
</System>
<EventData>
</EventData>
</Event>
Last edited:
i made them all into iscsi targets and let windows do the file sharing/dfs/etc . just works better.
Facebook
Twitter