TSSA: Windows update on March 2020 which enables ‘LDAP Channel binding’ and ‘LDAP signing’

Version 3
    Share This:

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    TrueSight Server Automation


    BladeLogic Application Server


    TrueSight Server Automation


    On March 10, 2020, Windows updates added options for administrators to harden the configurations for LDAP channel binding on Active Directory domain controllers.
     The updates add:
    1.            Domain controller: LDAP server channel binding token requirements group policy.
    2.            CBT signing events 3039, 3040, and 3041 with event source Microsoft-Windows-ActiveDirectory _DomainService in the Directory Service event log.


    Reference: ADV190023 | Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing

    How does this affect users who use Active Directory used in LDAP Sync, LDAP Authentication and Domain Authentication in TSSA ?



    BMC has tested successfully LDAP Sync, LDAP Authentication, Kerberos, and Domain Authentication used in TSSA with the modifications described in the Microsoft article.  No modification to TSSA configuration is required to accommodate the changes mentioned in the article.


    Article Number:


    Article Type:

    Solutions to a Product Problem

      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles