Posted by boe on June 14, 2008, 9:10 pm
Thanks - good to know I'm not alone. Seems like just about every link in
the event that is set off in 2008 goes nowhere.
"Jorge de Almeida Pinto [MVP - DS]"
> you are not the only one looking for it
>
> http://forums.technet.microsoft.com/en-US/winserverDS/thread/39e17bb4-029d-4880-9bcc-0723fea55fd2/
>
> --
>
> Cheers,
> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>
> # Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #
>
> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
>
> ------------------------------------------------------------------------------------------
> * How to ask a question --> http://support.microsoft.com/?id=555375
> ------------------------------------------------------------------------------------------
> * This posting is provided "AS IS" with no warranties and confers no
> rights!
> * Always test ANY suggestion in a test environment before implementing!
> ------------------------------------------------------------------------------------------
>
>> Hello,
>>
>> I'm playing around with 2008 server in a non production environment. I
>> am getting this event but the link doesn't seem to work.
>>
>> Log Name: Directory Service
>> Source: Microsoft-Windows-ActiveDirectory_DomainService
>> Date: 6/12/2008 4:04:10 PM
>> Event ID: 2886
>> Task Category: LDAP Interface
>> Level: Warning
>> Keywords: Classic
>> User: ANONYMOUS LOGON
>> Computer: CSD-6700.csd.lan
>> Description:
>> The security of this directory server can be significantly enhanced by
>> configuring the server to reject SASL (Negotiate, Kerberos, NTLM, or
>> Digest) LDAP binds that do not request signing (integrity verification)
>> and LDAP simple binds that are performed on a cleartext
>> (non-SSL/TLS-encrypted) connection. Even if no clients are using such
>> binds, configuring the server to reject them will improve the security of
>> this server.
>>
>> Some clients may currently be relying on unsigned SASL binds or LDAP
>> simple binds over a non-SSL/TLS connection, and will stop working if this
>> configuration change is made. To assist in identifying these clients, if
>> such binds occur this directory server will log a summary event once
>> every 24 hours indicating how many such binds occurred. You are
>> encouraged to configure those clients to not use such binds. Once no
>> such events are observed for an extended period, it is recommended that
>> you configure the server to reject such binds.
>>
>> For more details and information on how to make this configuration change
>> to the server, please see http://go.microsoft.com/fwlink/?LinkID=87923.
>>
>> You can enable additional logging to log an event each time a client
>> makes such a bind, including information on which client made the bind.
>> To do so, please raise the setting for the "LDAP Interface Events" event
>> logging category to level 2 or higher.
>> Event Xml:
>> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
>> <System>
>> <Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="" EventSourceName="NTDS Database" />
>> <EventID Qualifiers="32768">2886</EventID>
>> <Version>0</Version>
>> <Level>3</Level>
>> <Task>16</Task>
>> <Opcode>0</Opcode>
>> <Keywords>0x8080000000000000</Keywords>
>> <TimeCreated SystemTime="2008-06-12T23:04:10.781Z" />
>> <EventRecordID>60</EventRecordID>
>> <Correlation />
>> <Execution ProcessID="664" ThreadID="876" />
>> <Channel>Directory Service</Channel>
>> <Computer>CSD-6700.csd.lan</Computer>
>> <Security UserID="S-1-5-7" />
>> </System>
>> <EventData>
>> </EventData>
>> </Event>
>
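
Added example, not part of the thread or of any Microsoft article: one way to follow the event text's advice to raise "LDAP Interface Events" logging to level 2 and then list which clients make unsigned SASL or cleartext simple binds. The registry value name, event ID 2889 and the order of its fields are not on this page and are assumptions to verify on your own domain controller.

```powershell
# Added example. Run in an elevated PowerShell session on the domain controller.
# Assumption: the "LDAP Interface Events" category is the registry value below.
$diag = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'
$name = '16 LDAP Interface Events'

# 1. Raise the logging level to 2 so each insecure bind is logged individually
#    instead of only the 24-hour summary the warning describes.
Set-ItemProperty -Path $diag -Name $name -Value 2 -Type DWord

# 2. After clients have had time to connect (hours or days), read the
#    per-bind events. Assumption: they are logged as event ID 2889 with
#    fields [0] client IP:port, [1] bind identity, [2] bind type.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Directory Service'
    Id      = 2889
} -ErrorAction SilentlyContinue

$binds = foreach ($e in $events) {
    $endpoint = [string]$e.Properties[0].Value
    [pscustomobject]@{
        Time     = $e.TimeCreated
        ClientIP = $endpoint -replace ':\d+$', ''   # drop the source port
        Identity = $e.Properties[1].Value
        BindType = switch ([int]$e.Properties[2].Value) {
            0       { 'SASL bind without signing' }
            1       { 'Simple bind over cleartext' }
            default { 'Unknown' }
        }
    }
}

# 3. One row per client/identity/bind type, busiest first. These are the
#    clients that would stop working once the server rejects such binds.
$binds |
    Group-Object ClientIP, Identity, BindType |
    Sort-Object Count -Descending |
    Select-Object Count, Name

# 4. When the inventory is done, return logging to its default level:
# Set-ItemProperty -Path $diag -Name $name -Value 0 -Type DWord
```

An empty result after a representative period means no client depends on these binds, which is the condition the event text gives for configuring the server to reject them.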