Return
-
Title
Warning collecting group membership from a remote domain: Unable to connect to LDAP server. Strong Authentication Required -
Description
The below warning may occur when collecting cross domain group membership:
Failed to get members of local groups of domain 'domainname'. Unable to connect to LDAP server. Target server: <domainname>. Port: 389. Unable to connect to LDAP server. Strong Authentication Required
-
Resolution
The Agent Service account (LOCAL_SYSTEM by default) authenticates to the remote domain using LDAP_AUTH_NEGOTIATE which will use Kerberos or NTLM. If the below policy settings are configured on the DC's in the remote domain, this could cause an issue with the authentication:
Windows Settings |Security Settings | Local Policies | Security Options | Network Security: LDAP client signing requirements: Require SigningWindows Settings |Security Settings | Local Policies | Security Options | Domain Controller: LDAP client signing requirements: Require SigningThis warning has been resolved in the upcoming release of 9.0. -
Defect ID
RMADFE-1047