Waters

Microsoft's planned changes to LDAP Signing will affect non-SSL/TLS LDAP authentication in Empower - WKB88530

Article number: 88530

SYMPTOMS

  • Empower authentication attempts using non-SSL/TLS LDAP fail. The error message "Not enough storage is available to process this command. : User - username" appears.
  • Empower users with "Always Local" accounts are able to log in successfully.

ENVIRONMENT

  • Empower environments where authentication is configured to use non-SSL/TLS LDAP authentication methods
  • Empower 2 FR5 and later
  • Empower 3

CAUSE

Windows Updates in March 2020 add new audit events, additional logging, and a remapping of Group Policy values that will enable hardening LDAP Channel Binding and LDAP Signing. The March 2020 updates do not make changes to LDAP signing or channel binding policies or their registry equivalent on new or existing domain controllers. A future monthly update, anticipated for release in the second half of 2020, will enable LDAP signing and channel binding on domain controllers configured with default values for those settings.

March 2020 Microsoft Patches

ADV190023 | Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing

FIX or WORKAROUND

  • Enable SSL/TLS security in the LDAP configurations for Empower, or
  • Per Microsoft's guidance in KB935834, set the group policies to configure LDAP server signing requirements to 'None'
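
To see which clients (such as Empower servers) still bind without signing or SSL/TLS before choosing between the two options above, the following added example, which is not part of the original article, can be run on a domain controller. It assumes the `LDAPServerIntegrity` registry value, the `16 LDAP Interface Events` diagnostics value and Directory Service event 2889 described in Microsoft's LDAP signing guidance; the 24-hour window is an arbitrary choice.

```powershell
# Added example; run in an elevated PowerShell session on a domain controller.
# Registry names and event ID 2889 are taken from Microsoft's LDAP signing guidance, not from this article.
$ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS'

# Current "Domain controller: LDAP server signing requirements" setting.
$integrity = (Get-ItemProperty -Path "$ntds\Parameters" -Name LDAPServerIntegrity -ErrorAction SilentlyContinue).LDAPServerIntegrity
$meaning = switch ($integrity) { 1 { 'None' } 2 { 'Require signing' } default { 'not set (default)' } }
"LDAPServerIntegrity = $integrity ($meaning)"

# Event 2889 is only written when "16 LDAP Interface Events" logging is 2 or higher.
$diag = (Get-ItemProperty -Path "$ntds\Diagnostics" -Name '16 LDAP Interface Events').'16 LDAP Interface Events'
if ($diag -lt 2) {
    Write-Warning "LDAP interface event logging is $diag; set it to 2 to record per-client event 2889."
}

# Each 2889 event records one bind that was unsigned or a simple bind without SSL/TLS.
$since  = (Get-Date).AddHours(-24)   # assumed review window
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 2889; StartTime = $since } -ErrorAction SilentlyContinue

$events | ForEach-Object {
    # Event data order: [0] client IP:port, [1] account used for the bind, [2] bind type
    [pscustomobject]@{
        Client   = ($_.Properties[0].Value -replace ':\d+$', '')   # drop the source port
        Account  = $_.Properties[1].Value
        BindType = if ($_.Properties[2].Value -eq 1) { 'Simple bind, no SSL/TLS' } else { 'SASL bind, unsigned' }
    }
} | Group-Object Client, Account, BindType |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Clients listed in the output are the ones whose LDAP authentication will fail once signing is required, unless they are switched to SSL/TLS first.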

ADDITIONAL INFORMATION
