VMware vSphere

  • 1.  unsigned ldap requests from vCenter

    Posted Feb 20, 2020 01:18 PM

    Hi @all,

    I already found some threads about the Microsoft changes from ldap to ldaps but they did not yet help me.

    Our vCenter is joined to our AD. At the identity sources I have configured the root domain of the forest with "Active Directory (Integrated Windows Authentication)".

    When I now look at the ldap logs of the AD Domain Controller I see that the machine account of the vCenter makes unsigned connections.

    On my test vCenter I set up an LDAPS connection instead of the "Active Directory (Integrated Windows Authentication)" but there is the same behavior.

    How can I change them to signed ones?

    Regards Wolfgang



  • 2.  RE: unsigned ldap requests from vCenter
    Best Answer

    Posted Feb 20, 2020 01:41 PM

    Hi,

    Have you seen these official press releases from VMware and Microsoft?

    VMware:

    VMware vSphere & Microsoft LDAP Channel Binding & Signing (ADV190023) - VMware vSphere Blog

    Microsoft:

    https://support.microsoft.com/en-us/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows

    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190023

    However, there is still time because the change will be active in the second half of 2020:

    "A further future monthly update, anticipated for release the second half of calendar year 2020, will enable LDAP signing and channel binding on domain controllers configured with default values for those settings."

    ------

    Post:

    vCenter LDAP binding and signing

    ARomeo



  • 3.  RE: unsigned ldap requests from vCenter

    Posted Feb 21, 2020 12:25 PM

    Hi AlessandroRomeo68,

    thanks for your reply. If I understood it right, our config should not be affected:

    Thanks and best regards

    Wolfgang



  • 4.  RE: unsigned ldap requests from vCenter

    Posted Feb 21, 2020 12:30 PM

    Great! From the image I see it is correct.

    ARomeo



  • 5.  RE: unsigned ldap requests from vCenter

    Posted Mar 23, 2020 02:34 PM

    Hi

    I am also using Windows Integrated Authentication, but I still see plain text unsigned bind requests, which makes me not believe VMware's article.

    Any thoughts?

    Thanks
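
As an added example that is not part of the thread (not VMware's or Microsoft's code), the following PowerShell is the check that post 1 and post 5 describe doing by hand: run elevated on the domain controller, it raises LDAP interface diagnostics so every unsigned or clear-text bind is logged as Directory Service event 2889, shows the DC's current signing and channel-binding enforcement values, and summarises the 2889 events by client address, account and bind type. The registry paths, the event ID and the field layout of the 2889 message are the ones Microsoft documents for ADV190023; the 24-hour window and the `VCENTER$` account name in the final filter are assumptions for illustration.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session on the DC.

# 1. Log each offending bind individually (level 2). At the default level 0 the DC
#    only writes the 24-hour summary event 2887, which gives counts but no client names.
$diag = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'
Set-ItemProperty -Path $diag -Name '16 LDAP Interface Events' -Value 2 -Type DWord

# 2. Current enforcement state on this DC (values written by the ADV190023 GPO settings).
#    LDAPServerIntegrity: 1 = none (default), 2 = require signing
#    LdapEnforceChannelBinding: 0 = never (default), 1 = when supported, 2 = always
$params = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
Get-ItemProperty -Path $params -Name 'LDAPServerIntegrity', 'LdapEnforceChannelBinding' -ErrorAction SilentlyContinue |
    Select-Object LDAPServerIntegrity, LdapEnforceChannelBinding

# 3. Collect the 2889 events written since diagnostics were raised (window is an assumption).
$filter = @{ LogName = 'Directory Service'; Id = 2889; StartTime = (Get-Date).AddDays(-1) }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # Event 2889 carries three replacement strings, in this order:
    #   [0] client IP:port   [1] identity the client bound as   [2] binding type
    # Binding type 0 = SASL bind without signing, 1 = simple bind over clear text.
    $p = $e.Properties
    [pscustomobject]@{
        Time     = $e.TimeCreated
        Client   = $p[0].Value -replace ':\d+$', ''   # strip the source port, IPv6-safe
        Identity = $p[1].Value
        Bind     = if ($p[2].Value -eq 1) { 'SimpleClearText' } else { 'SaslUnsigned' }
    }
}

# 4. One line per (client, identity, bind type), most frequent first.
$rows | Group-Object Client, Identity, Bind | Sort-Object Count -Descending |
    Select-Object Count,
        @{ n = 'Client';   e = { $_.Group[0].Client } },
        @{ n = 'Identity'; e = { $_.Group[0].Identity } },
        @{ n = 'Bind';     e = { $_.Group[0].Bind } } |
    Format-Table -AutoSize

# To look only at the vCenter machine account (name assumed here):
# $rows | Where-Object Identity -like '*\VCENTER$' | Format-Table -AutoSize
```

Reading the output: `SaslUnsigned` rows are Kerberos or NTLM binds that did not ask for signing, which is what the Integrated Windows Authentication source produces when the client does not negotiate integrity; `SimpleClearText` rows are simple binds over port 389 without TLS, which LDAPS removes. Set `16 LDAP Interface Events` back to 0 afterwards, since level 2 is noisy on a busy DC.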