Disabling Warning: Event id 2887 ActiveDirectory_DomainService

  • Question

  • Hello together,

    is it possible to disable this bloody warning?:

    Event ID: 2887
    Event Source: ActiveDirectory_DomainService
    Event Type: Warning
    Event Description:
    During the previous 24 hour period some clients attempted to perform LDAP binds that were either:
    (1) A SASL (Negotiate Kerberos NTLM or Digest) LDAP bind that did not request signing (integrity validation) or
    (2) A LDAP simple bind that was performed on a cleartext (non-SSL/TLS-encrypted) connection

    This directory server is not currently configured to reject such binds.  The security of this directory server can be significantly enhanced by configuring the server to reject such binds.  For more details and information on how to make this configuration change to the server please see http://go.microsoft.com/fwlink/LinkID=87923.

    Summary information on the number of these binds received within the past 24 hours is below.

    You can enable additional logging to log an event each time a client makes such a bind including information on which client made the bind.  To do so please raise the setting for the "LDAP Interface Events" event logging category to level 2 or higher.


    Thanks for your help

    OWA

    Tuesday, November 2, 2010 11:00 AM

Answers

  • Hi,

    To fix the error and enhance the security of your network, please consider configuring the domain controller to reject unsigned LDAP communications. Meanwhile, client computers that currently rely on unsigned binds or LDAP simple binds over a non-Secure Sockets Layer / Transport Layer Security (SSL/TLS) connection will stop working if you make this configuration change. You should first identify all the client computers that are using unsigned binds.

    When unsigned binds occur, the domain controller will log Event ID 2887 every 24 hours, indicating how many unsigned binds have occurred. If you want to learn specifically which client computers are using unsigned binds to the domain controller, you can enable diagnostic logging for LDAP Interface Events.

    For more information, please refer to the following link:

    Event ID 2887 — LDAP signing

    http://technet.microsoft.com/en-us/library/dd941856(WS.10).aspx

    In the meantime, you can ignore this warning if you do not want to force all the clients to use LDAP signing.

    Thanks.

    Nina


    This posting is provided "AS IS" with no warranties, and confers no rights.
    Wednesday, November 3, 2010 2:25 AM
    Moderator
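
The identification step described in the answer above, as an added example that is not part of the original thread: raise "LDAP Interface Events" logging to level 2 on a domain controller, then summarise which clients and accounts made unsigned or cleartext binds. It assumes the registry value name `16 LDAP Interface Events`, and that per-bind events are written to the Directory Service log as Event ID 2889 with client address, account and bind type as the first three event properties; the function name and the sample values are constructed for illustration.

```powershell
# Added example. Run in an elevated PowerShell session on the domain controller.

# 1. Log one event per insecure bind (assumed: Event ID 2889, Directory Service log).
$diag = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'
Set-ItemProperty -Path $diag -Name '16 LDAP Interface Events' -Value 2 -Type DWord

# 2. Turn the first three event properties into a record.
#    ConvertTo-BindRecord is a hypothetical helper name, not a built-in cmdlet.
function ConvertTo-BindRecord {
    param([Parameter(Mandatory)][object[]]$Values)
    [pscustomobject]@{
        # "address:port" -> address only, so one host is not counted once per source port
        Client   = ([string]$Values[0]) -replace ':\d+$', ''
        Account  = [string]$Values[1]
        # Assumed encoding: 1 = simple bind on a cleartext connection,
        # anything else = SASL bind that did not request signing
        BindType = if ("$($Values[2])" -eq '1') { 'Simple bind (cleartext)' }
                   else { 'SASL bind (unsigned)' }
    }
}

# Constructed sample values, to check the parsing without waiting for real events:
ConvertTo-BindRecord @('192.0.2.15:49822', 'EXAMPLE\svc-app', '1')

# 3. After clients have had time to bind (24 hours matches the 2887 summary window),
#    group the per-bind events by client, account and bind type.
$filter = @{ LogName = 'Directory Service'; Id = 2889; StartTime = (Get-Date).AddDays(-1) }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object { ConvertTo-BindRecord $_.Properties.Value } |
    Group-Object Client, Account, BindType |
    Sort-Object Count -Descending |
    Select-Object Count, Name

# 4. Once the clients are identified, return logging to the default level
#    so the Directory Service log is not flooded:
# Set-ItemProperty -Path $diag -Name '16 LDAP Interface Events' -Value 0 -Type DWord
```

The grouped output is the list of hosts and service accounts to reconfigure for LDAP signing or LDAPS before the domain controller is set to reject such binds.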

All replies

  • "Is it possible to disable this bloody warning"

    So, I assume the answer to this question is No?



    Friday, January 16, 2015 5:14 AM