All Admin users are unable to login to Endpoint Protection Manager

book

Article ID: 226019

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Admin users are unable to log into the SEP Manager. Active Directory AD logins are used, the accounts are not being recognized.

Error: The administrator's user name or password is incorrect. Type a valid user name or password.

Error in ADSITask-0.log: THREAD 42 WARNING: LdapUtils>> connect: Exception... Duration: 21.028s (21028.0ms)
THREAD 42 WARNING: javax.naming.CommunicationException: <IP Address> [Root exception is java.net.ConnectException: Connection timed out: connect]

Cause

LDAP server (Domain controller) is throwing an error when we try to authenticate. Via WireShark, the error is:

strongAuthRequired (00002028: LdapErr: DSID-0C090276, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v2580

It appears based on this message that LDAP binding was recently turned on on the LDAP server.

Environment

14.3x

Resolution

This article from Microsoft covers how to turn it on and off via registry:

https://support.microsoft.com/en-us/topic/use-the-ldapenforcechannelbinding-registry-entry-to-make-ldap-authentication-over-ssl-tls-more-secure-e9ecfa27-5e57-8519-6ba3-d2c06b21812e

Disable LDAP binding to resolve the issue.

Attachments