The "Strong(er) authentication required LDAP error [code: 8]" observed in the vmware-identity-sts.log is a direct error message originating from the Active Directory server. This error occurs when the vCenter Server, attempting to authenticate a user or service account (such as a backup service account), issues an LDAP bind request that does not meet the Active Directory server's required level of authentication security.

LDAP error code 8 explicitly signifies that the Active Directory server demands a stronger authentication method than what the vCenter Server is providing. Given that the vCenter Server is configured for "Active Directory over LDAP" (which typically implies an unencrypted, non-SSL/TLS LDAP connection), this error directly indicates a mismatch between the vCenter's client-side authentication method and the Active Directory server's enforced security policies.

https://support.microsoft.com/en-us/topic/2020-2023-and-2024-ldap-channel-binding-and-ldap-signing-requirements-for-windows-kb4520412-ef185fb8-00f7-167d-744c-f299a66fc00a

websso.log >>

 WARN sts[41:tomcat-http--2]  [com.vmware.identity.interop.ldap.LdapErrorChecker] Error received by LDAPclient: com.vmware.identity.interop.ldap.OpenLdapClientLibrary, error code: 8
 WARN sts[41:tomcat-http--2]  [com.vmware.identity.idm.server.ServerUtils] cannot bind connection: [ldap://xxxxx]
 ERROR sts[41:tomcat-http--2]  [com.vmware.identity.idm.server.ServerUtils] cannot establish ldap connection with URI: [ldap://xxxx] because [com.vmware.identity.interop.ldap.StrongAuthRequiredLdapException] with reason [Strong(er) authentication required] therefore will try to attempt to use secondary URIs, if applicable