Commodore
Commodore
227 views

ZCM 2017 and Windows Server 2019 Updates User source ERROR

Hello everyone. New updates came out for Windows Server 2019, and were just applied to my master domain controller yesterday.  All Secure 3 party LDAP clients seem to be able to connect still, however, the updates for AD LDAP SSL seem, to have affected ZCM 2017, I can no longer make a secure user source connection from my ZCM 2017 servers to my Windows Server 2019 SSL AD servers.  On reboot, none of my ZCM server can connect to Windows Server 2019 Secure LDAP, however other third party client, even after reboot, CAN, so this issue seem to be affecting just ZCM SSL connections right now. As an exmaple, on a full Reboot Google GCDS can still do a secure SSL connect to my AD LDAP.  Has anyone else seen this, and or found a solution.

Labels (1)
0 Likes
3 Replies
Micro Focus Expert
Micro Focus Expert

You did not actually detail what you are referring to, so I will have to guess...

https://support.microsoft.com/en-us/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirements-for-windows

Specifically, a new GPO setting was added - "Domain controller: LDAP server channel binding token requirements"

A related setting already existed: "Domain controller: LDAP server signing requirements"

I have verified that my ZCM 17.4.1 Appliance and ZCM 2020 Appliance both worked with any combination of: "1 and 1",  "1 and 2", "2 and 1" and "2 and 2" for those settings.

"Domain controller: LDAP server signing requirements" never seemed to have no impact regardless of SSL/ClearText settings

"Domain controller: LDAP server channel binding token requirements" broke Non-SSL but worked fine with SSL.

--

 

What version of ZCM?  What specific settings/changes did you make?  Yesterday's patches have no impact unless you made additional configuration changes.

Was ZCM configured to use SSL Prior to yesterday?  

 

--
Please give a hearty thumbs up to any post you find helpful!
To find articles by Craig Wilson simply follow the link: Craig Wilson's Tips!
0 Likes
Commodore
Commodore

False alarm, server was out of space, and it was interfering with services.  All is well after clean-up and reboot.

0 Likes
Micro Focus Expert
Micro Focus Expert

Thanks!  

--
Please give a hearty thumbs up to any post you find helpful!
To find articles by Craig Wilson simply follow the link: Craig Wilson's Tips!
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.