Client Management Suite

Expand all | Collapse all

LDAP channel binding changes coming (from Microsoft)

  • 1.  LDAP channel binding changes coming (from Microsoft)

    Posted 12-03-2019 12:05 PM

    "Microsoft intends to release a security update on Windows Update to enable LDAP channel binding and LDAP signing hardening changes and anticipate this update will be available in mid-January 2020."

    If we use a System configuration task to bind to AD, is it doing the LDAP bind over SSL? 

    Can anyone clarify if these new security measures on domain controllers (enforced with new win update) will break our binding during imaging process (via system config)?  What about technician access to the console?


    https://support.microsoft.com/en-ca/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows

     

    I asked support for clarification, will report back if I get it.



  • 2.  RE: LDAP channel binding changes coming (from Microsoft)

    Posted 12-09-2019 09:17 AM

    I don't think support really understands the changes that Microsoft is implementing, so remains to be seen if anything will break. YOLO I guess for me on this one.



  • 3.  RE: LDAP channel binding changes coming (from Microsoft)

    Posted 12-15-2019 02:44 AM

    I activated logging for the LDAP signing part as explained by MS in 2 environments running ITMS, in both environments we have events 2889 about LDAP binding without requesting signing, but none are related to ITMS, so looks like it won't cause any issues.

    In 1 environment I will be able to force it manually in the next 2 weeks as I have only 1 source to fix, will post results regarding ITMS once I"m able to (if not somebody else replies earlier ;))



  • 4.  RE: LDAP channel binding changes coming (from Microsoft)

    Posted 12-18-2019 02:14 PM