Active Directory Domain Service

Posted on 2012-09-06
Last Modified: 2012-09-24
Hello, I need some help and a detailed explanation please.
I'm running a domain with Active Directory and domain controller off the same Windows 2008 server.
Every day I get the following warning.

During the previous 24 hour period, some clients attempted to perform LDAP binds that were either:
(1) A SASL (Negotiate, Kerberos, NTLM, or Digest) LDAP bind that did not request signing (integrity validation), or
(2) A LDAP simple bind that was performed on a cleartext (non-SSL/TLS-encrypted) connection
This directory server is not currently configured to reject such binds.  The security of this directory server can be significantly enhanced by configuring the server to reject such binds.  For more details and information on how to make this configuration change to the server, please see
Summary information on the number of these binds received within the past 24 hours is below.
You can enable additional logging to log an event each time a client makes such a bind, including information on which client made the bind.  To do so, please raise the setting for the "LDAP Interface Events" event logging category to level 2 or higher.
Number of simple binds performed without SSL/TLS: 332
Number of Negotiate/Kerberos/NTLM/Digest binds performed without signing: 0

I've looked online for an explanation and a fix but I'm having trouble understanding the solutions. Can someone please explain to me what this means and how to fix it?
Please & thank you
Question by:MrMay
    1 Comment
    LVL 53

    Accepted Solution

    This is simply a warning message regarding LDAP, for unsigned LDAP requests. This is basically telling you to enhance your security for LDAP binding to ensure that the requests need to be signed.

    See the following TechNet to accomplish this. Just remember that if you are going to implement this change, make sure that your applications trying to do LDAP binds can work with this security. If they can't, simply ignore this event.

    MS illustrates this event as it "could" be a security concern if LDAP binds are not signed.

    Hope this helps!
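
Before a domain controller is set to reject these binds, the 332 simple binds have to be traced to the clients making them, which is what the per-bind logging mentioned in the warning is for. The PowerShell below is an added example, not part of the original question or answer; the function name, the sample records and the event ID 2889 field layout are assumptions stated in its comments.

```powershell
# Added example. Assumption (not on the page): with "LDAP Interface Events" at
# level 2, each such bind is logged as event ID 2889 in the "Directory Service"
# log with data fields in this order: "ip:port", identity, binding type
# (0 = SASL bind without signing, 1 = simple bind without SSL/TLS).
function Get-InsecureLdapBindSummary {
    [CmdletBinding()]
    param([Parameter(Mandatory = $true, ValueFromPipeline = $true)] [object]$Record)
    begin { $rows = New-Object 'System.Collections.Generic.List[object]' }
    process {
        $v = @($Record.Properties | ForEach-Object { ([string]$_.Value).Trim() })
        if ($v.Count -lt 3) { return }              # unexpected layout, skip it
        $colon = $v[0].LastIndexOf(':')             # last colon, so IPv6 also works
        $ip = if ($colon -gt 0) { $v[0].Substring(0, $colon) } else { $v[0] }
        $bind = switch ($v[2]) {
            '0'     { 'SASL without signing' }
            '1'     { 'Simple bind without SSL/TLS' }
            default { "Unknown ($_)" }
        }
        $rows.Add([pscustomobject]@{
            ClientIP = $ip; Identity = $v[1]; BindType = $bind; Time = $Record.TimeCreated
        })
    }
    end {
        # One row per client/identity/bind type, busiest first.
        $rows | Group-Object ClientIP, Identity, BindType | ForEach-Object {
            $last = $_.Group | Sort-Object Time | Select-Object -Last 1
            [pscustomobject]@{
                ClientIP = $last.ClientIP; Identity = $last.Identity
                BindType = $last.BindType; Count = $_.Count; LastSeen = $last.Time
            }
        } | Sort-Object Count -Descending
    }
}

# Constructed sample records shaped like Get-WinEvent output (documentation IPs).
$sample = @(
    @{ T = '2012-09-06T08:01:00'; P = '192.0.2.15:49213', 'EXAMPLE\svc-copier', '1' }
    @{ T = '2012-09-06T08:06:00'; P = '192.0.2.15:49377', 'EXAMPLE\svc-copier', '1' }
    @{ T = '2012-09-06T09:30:00'; P = '192.0.2.40:51002', 'EXAMPLE\helpdesk-app', '1' }
    @{ T = '2012-09-06T10:12:00'; P = '192.0.2.77:50120', 'EXAMPLE\WKS07$', '0' }
) | ForEach-Object {
    $time = [datetime]$_.T
    $fields = $_.P | ForEach-Object { [pscustomobject]@{ Value = $_ } }
    [pscustomobject]@{ TimeCreated = $time; Properties = $fields }
}
$sample | Get-InsecureLdapBindSummary | Format-Table -AutoSize
# On the domain controller, feed it the real events instead:
# Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 2889 } |
#     Get-InsecureLdapBindSummary
```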
