vCenter fails to add Active Directory identity source on Windows Server 2025 with error "Strong(er) authentication required"

Article ID: 439321

Products

VMware vSAN

Issue/Introduction

When adding an Active Directory identity source in vCenter Server using the "Active Directory over LDAP" option against a Windows Server 2025 Domain Controller, the operation fails with the following error:

Cannot configure identity source due to Failed to probe provider connectivity [URI: ldap://<DC_IP>]; tenantName [vsphere.local], userName [administrator@<domain_name>] Caused by: Strong(er) authentication required.

Environment

  • VMware vCenter Server 8.x, 9.x
  • Windows Server 2025 Domain Controller
  • Active Directory over LDAP

Cause

According to Microsoft documentation:
https://learn.microsoft.com/en-us/windows-server/identity/manage-ldap-signing-group-policy

In Windows Server 2025 and later:

  • New Active Directory deployments enable LDAP signing by default
  • Domain Controllers require stronger authentication for LDAP connections

This behavior is controlled by the following Active Directory Group Policy setting:

  • Domain controller: LDAP server signing requirements enforcement

As a result:

  • Standard LDAP (port 389) connections that do not meet signing requirements are rejected
  • vCenter fails to add the identity source and returns “Strong(er) authentication required”

Resolution

Use LDAPS instead of LDAP.
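
The error text corresponds to LDAP result code 8 (strongerAuthRequired, RFC 4511) returned in the server's BindResponse. The following Python probe is an added example, not part of the original article or any VMware or Microsoft tooling: it sends an LDAPv3 simple bind to port 389 or 636 and decodes the result code, so the DC's behavior on both ports can be confirmed before the identity source is reconfigured. All function names and the host, account and CA file arguments are assumptions.

```python
import socket
import ssl

# Subset of RFC 4511 result codes relevant to this error.
RESULT_NAMES = {0: "success", 8: "strongerAuthRequired", 49: "invalidCredentials"}

def _tlv(tag, value):
    """Encode one BER tag-length-value (definite length, up to 65535 bytes)."""
    n = len(value)
    length = bytes([n]) if n < 0x80 else bytes([0x82]) + n.to_bytes(2, "big")
    return bytes([tag]) + length + value

def _read_tlv(buf, pos):
    """Decode one TLV at pos; return (tag, value, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:  # long form: low 7 bits = number of length bytes
        k = first & 0x7F
        first, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + first], pos + first

def build_simple_bind(dn, password, msg_id=1):
    """LDAPMessage carrying BindRequest [APPLICATION 0]: version 3, name, simple [0]."""
    body = _tlv(0x02, b"\x03") + _tlv(0x04, dn.encode()) + _tlv(0x80, password.encode())
    return _tlv(0x30, _tlv(0x02, bytes([msg_id])) + _tlv(0x60, body))

def parse_bind_response(data):
    """Return (code, name, diagnosticMessage) from a BindResponse [APPLICATION 1]."""
    _, msg, _ = _read_tlv(data, 0)
    _, _, pos = _read_tlv(msg, 0)            # skip messageID
    tag, op, _ = _read_tlv(msg, pos)
    if tag != 0x61:
        raise ValueError("not a BindResponse")
    _, code, pos = _read_tlv(op, 0)          # resultCode (ENUMERATED)
    _, _, pos = _read_tlv(op, pos)           # matchedDN
    _, diag, _ = _read_tlv(op, pos)          # diagnosticMessage
    code = int.from_bytes(code, "big")
    return code, RESULT_NAMES.get(code, "other"), diag.decode(errors="replace")

def probe(host, dn, password, use_tls=False, cafile=None):
    """Simple bind on 389 (plain) or 636 (LDAPS). On 389 the password is sent
    in cleartext, so use a dedicated low-privilege test account."""
    sock = socket.create_connection((host, 636 if use_tls else 389), timeout=5)
    if use_tls:
        sock = ssl.create_default_context(cafile=cafile).wrap_socket(sock, server_hostname=host)
    with sock:
        sock.sendall(build_simple_bind(dn, password))
        return parse_bind_response(sock.recv(4096))
```

A DC that enforces signing answers the port 389 probe with code 8, while the same bind with `use_tls=True` and the issuing CA passed as `cafile` should return code 0 once LDAPS is working.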

 

Workaround

If LDAP (port 389) must be used, modify the following setting on the Windows Server 2025 Domain Controller.

Follow this Microsoft guidance:
https://learn.microsoft.com/en-us/windows-server/identity/manage-ldap-signing-group-policy?tabs=windows-server-2025#tabpanel_1_windows-server-2025

  • Change:

    Domain controller: LDAP server signing requirements enforcement → Disabled

    Note: The default value of this setting is Default (same effect as Enabled) in Windows Server 2025.

  • Apply the policy by running the following command:

    gpupdate /force

Additional Information

  • The error “Strong(er) authentication required” indicates LDAP requests are being rejected by Active Directory
  • This is due to stricter LDAP security enforcement in Windows Server 2025
  • The recommended solution is to use LDAPS
  • Modifying the policy allows LDAP but reduces security. It should be considered a temporary workaround or last resort.