VIP Enterprise Gateway User Store LDAP connection fails with error Message: 00002028: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection

Article ID: 281773

Products

VIP Service

Issue/Introduction

Creating or modifying a User Store connection on port 389 (non-SSL) fails with an error in the VIPEGConsole log: errorMessage: 00002028: LdapErr: DSID-0C09038B, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v4f7c. StrongAuthRequired
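
To triage a log for this rejection, the following Python sketch parses the Active Directory diagnostic string and flags binds refused for lacking signing or TLS. It is an added example, not part of the original article or of VIP Enterprise Gateway; the function names and the log layout around the errorMessage text are assumptions, and the sample lines are constructed.

```python
import re

# Layout of the diagnostic string Active Directory returns with a failed LDAP operation.
LDAP_ERR = re.compile(
    r"(?P<code>[0-9A-Fa-f]{8}): LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"comment: (?P<comment>.*?), data (?P<data>[0-9A-Fa-f]+), (?P<build>v[0-9A-Fa-f]+)"
)

# Win32 code 0x2028 (8232) is ERROR_DS_STRONG_AUTH_REQUIRED.
STRONG_AUTH_REQUIRED = 0x2028


def parse_ldap_err(line):
    """Return the fields of an AD LdapErr string found in line, or None."""
    m = LDAP_ERR.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    fields["win32"] = int(fields["code"], 16)
    return fields


def find_rejected_binds(lines):
    """Return (line_number, fields) for each bind rejected for lacking signing or TLS."""
    hits = []
    for number, line in enumerate(lines, start=1):
        fields = parse_ldap_err(line)
        if fields and fields["win32"] == STRONG_AUTH_REQUIRED:
            hits.append((number, fields))
    return hits


# Constructed sample lines; only the errorMessage text on the second line is from the article.
SAMPLE_LOG = [
    "INFO  user store connection test started (constructed line)",
    r"ERROR errorMessage: 00002028: LdapErr: DSID-0C09038B, comment: The server "
    r"requires binds to turn on integrity checking if SSL\TLS are not already "
    r"active on the connection, data 0, v4f7c. StrongAuthRequired",
    "ERROR errorMessage: 80090308: LdapErr: DSID-0C090400, comment: "
    "AcceptSecurityContext error, data 52e, v1db1 (constructed line)",
]

if __name__ == "__main__":
    for number, fields in find_rejected_binds(SAMPLE_LOG):
        print(f"line {number}: {fields['dsid']} win32={fields['win32']}: {fields['comment']}")
```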

Cause

The AD\LDAP server enforces LDAPS and has rejected a non-SSL connection request. This is often caused by a domain group policy set to prevent unencrypted information from going across the network.

Wireshark can confirm the same error message seen in the VIPEGConsole log.

Resolution

Import the domain certificate CA and (if applicable) intermediate CA into the Trusted CA Certificates on the VIP Enterprise Gateway. After importing each certificate, save the settings and restart the VIP Enterprise Gateway service.

Important: Import the same certificates into the Windows certificate store.