ADAM(instance1) LDAP Event ID 2886
In my Windows Server 2008 R2 OS, in the Event Viewer there is an error, ADAM (instance1) LDAP Event ID 2886, which states:
(The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate, Kerberos, NTLM or Digest) LDAP binds that do not request signing (integrity verification) and LDAP simple binds that are performed on a cleartext (non-SSL/TLS-encrypted) connection. Even if no clients are using such binds, configuring the server to reject them will improve the security of this server.
Some clients may currently be relying on unsigned SASL binds or LDAP simple binds over a non-SSL/TLS connection, and will stop working if this configuration change is made. To assist in identifying these clients, if such binds occur this directory server will log a summary event once every 24 hours indicating how many such binds occurred. You are encouraged to configure those clients to not use such binds. Once no such events are observed for an extended period, it is recommended that you configure the server to reject such binds.
You can enable additional logging to log an event each time a client makes such a bind, including information on which client made the bind. To do so, please raise the setting for the "LDAP Interface Events" event logging category to level 2 or higher.)
What is this error? And what is the remedy for this error?
MumthazMuhsin
October 19th, 2011 10:39am
This type of event is common in cases when there is simple insecure binding. More information on the error is here: http://technet.microsoft.com/en-us/library/dd941829(WS.10).aspx
... and remedy
http://glazenbakje.wordpress.com/2010/06/08/microsoft-server-2008-r2-ldap-interface-events-event-id-2886/
Regards
Milos
October 19th, 2011 3:21pm
October 19th, 2011 10:14pm
Hi,
For ADAM/AD LDS, you may consider installing certificates to use ADAM/AD LDS with SSL.
Create your LDAP data store with the Active Directory Application Mode (ADAM) directory service
http://technet.microsoft.com/en-us/library/cc197506.aspx
For more information, please refer to the following Microsoft TechNet article:
Event ID 2886 — LDAP signing
http://technet.microsoft.com/en-us/library/dd941829(WS.10).aspx
Regards,
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
October 22nd, 2011 12:14am
October 22nd, 2011 7:12am
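The procedure the event text in the question describes (raise "LDAP Interface Events" logging to level 2, identify the clients, then reject such binds) can be scripted as below. This is an added example, not code from any poster in the thread. Assumptions: the instance is named instance1, so its service key is ADAM_instance1 and its event log is "ADAM (instance1)"; per-bind events are logged as Event ID 2889; the enforcement value is LDAPServerIntegrity.

```powershell
# Added example. Run elevated on the server hosting the ADAM/AD LDS instance.
# Assumption: instance name "instance1" -> service key ADAM_instance1, log "ADAM (instance1)".
$instance = 'instance1'
$svcKey   = "HKLM:\SYSTEM\CurrentControlSet\Services\ADAM_$instance"

# Step 1: raise the "LDAP Interface Events" diagnostic category to level 2,
# so each unsigned SASL bind or cleartext simple bind is logged individually.
Set-ItemProperty -Path "$svcKey\Diagnostics" -Name '16 LDAP Interface Events' -Value 2 -Type DWord

# Step 2: after clients have had time to bind, summarise who is doing it.
# Event 2889 properties: [0] client IP:port, [1] identity used, [2] bind type
# (0 = SASL bind without signing, 1 = simple bind on a cleartext connection).
$events = Get-WinEvent -FilterHashtable @{ LogName = "ADAM ($instance)"; Id = 2889 } `
                       -ErrorAction SilentlyContinue

$report = $events | ForEach-Object {
    New-Object psobject -Property @{
        Client   = ($_.Properties[0].Value -replace ':\d+$', '')   # drop source port
        Identity = $_.Properties[1].Value
        BindType = if ($_.Properties[2].Value -eq 1) { 'Simple (cleartext)' } else { 'Unsigned SASL' }
    }
} | Group-Object Client, Identity, BindType |
    Sort-Object Count -Descending |
    Select-Object Count, Name

if ($report) {
    $report | Format-Table -AutoSize
} else {
    Write-Output 'No Event ID 2889 entries found in the queried log.'
}

# Step 3 (only once the report stays empty for an extended period, as the event
# text advises): require signing and reject cleartext simple binds.
# Left commented out because it breaks any client still relying on those binds.
# Set-ItemProperty -Path "$svcKey\Parameters" -Name 'LDAPServerIntegrity' -Value 2 -Type DWord

# Afterwards, return diagnostic logging to its default to limit log volume.
# Set-ItemProperty -Path "$svcKey\Diagnostics" -Name '16 LDAP Interface Events' -Value 0 -Type DWord
```

An empty report right after enabling level 2 logging proves nothing; the clients listed by the report are the ones to move to signed binds or LDAP over SSL/TLS before step 3 is applied.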