TSSA: Windows update on March 2020 which enables ‘LDAP Channel binding’ and ‘LDAP signing’

Version 3
    Share This:

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    TrueSight Server Automation


    COMPONENT:

    BladeLogic Application Server


    APPLIES TO:

    TrueSight Server Automation



    PROBLEM:

    On March 10, 2020, Windows updates added options for administrators to harden the configurations for LDAP channel binding on Active Directory domain controllers.
     The updates add:
    1.            Domain controller: LDAP server channel binding token requirements group policy.
    2.            CBT signing events 3039, 3040, and 3041 with event source Microsoft-Windows-ActiveDirectory _DomainService in the Directory Service event log.

     

    Reference: ADV190023 | Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing

    How does this affect users who use Active Directory used in LDAP Sync, LDAP Authentication and Domain Authentication in TSSA ?
     

     


    SOLUTION:

    BMC has tested successfully LDAP Sync, LDAP Authentication, Kerberos, and Domain Authentication used in TSSA with the modifications described in the Microsoft article.  No modification to TSSA configuration is required to accommodate the changes mentioned in the article.

     


    Article Number:

    000187076


    Article Type:

    Solutions to a Product Problem



      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles