A more secure authentication method is required for this server message is displayed in CA Agent log
説明
The Agent logs also displays the below mentioned errors
2024-05-10 08:14:08.362 [4836][WARN][NetProLib::ActiveDirectory::AdsiException::GetErrorMessage(135)] WIN32 error: A more secure authentication method is required for this server. code: 80072028 2024-05-10 08:14:08.367 [4836][INFO][NetProLib::ActiveDirectory::AdsiException::GetErrorMessage(159)] ADsGetLastError error code: 00002028, message: 00002028: LdapErr: DSID-0C09032E, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v4f7c 2024-05-10 08:14:08.371 [4836][WARN][NetProLib::ActiveDirectory::ServiceConnectionPoint::Lookup(110)] Failed to search for coordinator SCPs. NetProLib::ActiveDirectory::Directory::GetRootSearch-Unable to initiate Directory search. A more secure authentication method is required for this server.
原因
The server that the Change Auditor Agent installed on has the Local Computer Policy | Computer Configuration | Windows Settings | Security Settings | Local Policies | Security Options | Network security: LDAP client signing requirements is set to "none". This instead should be set to Negotiate signing.
対策
Set Network Security: LDAP Client signing requirement to Negotiate signing by using a GPO (gpmc.msc) or directly modifying the local (gpedit.msc) on the Agent server:
Expand Local Computer Policy | Computer Configuration | Windows Settings | Security Settings | Local Policies | Security Options
Scroll down and double click Network Security: LDAP client signing requirements
Click the drop down and select Negotiate signing
Save the settings
Reboot the Agent server to ensure the new settings are applied
