LDAP connection to 2016 DC with StruxureWare Data Center Expert

DCIM_Support · ‎2020-07-04

We are currently using StruxureWare Data Center Expert 7.2.6 which is configured to use LDAP authentication for user logons. We recently added two Windows Server 2016 Domain Controllers to our network and would like to move the StruxureWare LDAP authentication to these new 2016 servers.

In StruxureWare, we select the System menu and then Users and Device Group Access. In the Authentication Servers tab, we add the new 2016 server address and click Next. On the next page, we enter the Bind User DN and Password, the Search Base, and then click Next. We receive back the error message "Bind was unsuccessful. Check your settings."

We've tried using SSL, not using SSL, using server port 389, and using server port 636. No matter what settings we select, we receive back the "Bind was unsuccessful" error message. If we change the server address to a 2008 DC or 2012 DC, the bind is successful - we are able to continue without any problems. We only receive the error message when using a 2016 DC.

Is this a known issue? Is there any workaround? Would upgrading the software help? Any assistance is appreciated.

DCIM_Support · ‎2020-07-04

Hi davidf,

I'm also interested in your question. But I can not check it out for myself. Therefore, I highly recommend that you download from DCE Virtual Machine and deploy latest VMware VM DCE-7.4.3 and check this current DCE-version with your Microsoft Server 2016 AD DC servers.

I doubt the success of this test, but it is necessary to test it.

Most likely, the problem is that even the latest DCE-7.4.3 only supports NTLMv1, which is forcibly disabled for security reasons in current versions of Microsoft OS. But I can be wrong 😀.

With respect.

DCIM_Support · ‎2020-07-04

I deployed DCE-7.4.3 and ran into the same issue. I can bind to 2008 DCs and 2012 DCs, but not 2016 DCs.

DCIM_Support · ‎2020-07-04

Hi davidf,

...As I expected ☹️.

If you are not difficult, you can make a download capture logs from DCE? How to do this is well written in topic .

It is very possible, after understanding a little of these DCE system logs, you can find a mention of the problem that leads to your message "Bind was unsuccessful" for MS Windows Server 2016 DC. To understand the DCE system logs my tips in topic will help.

Always glad to answer your questions.

DCIM_Support · ‎2020-07-04

Hi davidf,

I created the appropriate Feature Requests on this issue with a link to this topic. I am also interested in this 😀.

With respect.

DCIM_Support · ‎2020-07-04

Thanks. I downloaded the capture logs and hope to review them this afternoon.

DCIM_Support · ‎2020-07-04

Also having the same problem!! Server 2016.

DCIM_Support · ‎2020-07-04

Has this ever been resolved?

DCIM_Support · ‎2020-07-04

Dear Jonathan,

As far as I know, so far nothing has changed, at least from the latest software DCE-7.5.0.

With respect.

DCIM_Support · ‎2020-07-04

I found the policy preventing the bind from working. It is located in Group Policy Management at Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options. The Policy "Domain Controller: LDAP server signing requirements" was set to "Require signing". Once we changed this to "None", we were able to bind to the Domain Controller.

DCIM_Support · ‎2020-07-04

Hi davidf,

Many thanks for the feedback and for solving the problem 😀.

DCIM_Support · ‎2020-07-04

This question is closed for comments. You're welcome to start a new topic if you have further comments on this issue.