Category:Troubleshooting
Last Updated:2011-08-03
 
Using LDAP port 389, the connection’s Test Connect Error reads:
"The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection"
Using LDAP port 389, the Sync run error reads:
> Ldap_bind: Strong Authentication Required
> Ldap_bind: additional info:00002028:ldapERR:DSID-0C090169,comment:
> The server requires binds to turn on the integrity checking if SSL/TLS are not already active on the connection, data 0, vece
These errors indicate your LDAP server is set to Require Signing. UnitySync does not perform data signing. With this requirement set on the LDAP directory, UnitySync fails to bind to the server and returns the error shown above.
Per a Microsoft TechNet article, if you connect using SSL, data signing is not required.
Ask your AD Admin if SSL is enabled on the AD server. You can test with the SSL LDAP port of 636 (instead of the standard LDAP port of 389) to see if that resolves the problem.
If SSL is disabled, you will need to reset the Signing Requirements setting to NONE. Then, using the standard LDAP port of 389, try the Test Connection again. With signing turned off, the connection should be successful.
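The check described above, as an added example (not UnitySync code): it recognises the signing-requirement error from the bind output and probes whether the server completes a TLS handshake on port 636. The function names, the `probe` parameter and the returned strings are assumptions made for illustration; the sample text is the error quoted on this page.

```python
import re
import socket
import ssl

# AD extended bind error: "<8 hex digits>: LdapErr: DSID-<id>, comment: <text>, data <n>, ..."
AD_ERR = re.compile(
    r"([0-9A-F]{8})\s*:\s*LdapErr\s*:\s*DSID-([0-9A-F]+)\s*,\s*comment\s*:\s*([^,]*)"
    r"(?:,\s*data\s+([0-9A-F]+))?", re.IGNORECASE)
STRONG_AUTH_REQUIRED = 0x2028  # Win32 error 8232, ERROR_DS_STRONG_AUTH_REQUIRED

# Error text as quoted on this page (port 389 sync run).
SAMPLE = ("Ldap_bind: Strong Authentication Required\n"
          "Ldap_bind: additional info:00002028:ldapERR:DSID-0C090169,comment:\n"
          "The server requires binds to turn on the integrity checking if SSL/TLS "
          "are not already active on the connection, data 0, vece")


def parse_ad_bind_error(text):
    """Return the fields of an AD extended bind error, or None if absent."""
    m = AD_ERR.search(text)
    if m is None:
        return None
    return {"code": int(m.group(1), 16), "dsid": m.group(2).upper(),
            "comment": " ".join(m.group(3).split()), "data": m.group(4)}


def requires_signing(text):
    err = parse_ad_bind_error(text)
    return err is not None and err["code"] == STRONG_AUTH_REQUIRED


def probe_ldaps(host, port=636, timeout=5.0):
    """Try a verified TLS handshake on the LDAPS port; no bind is attempted."""
    ctx = ssl.create_default_context()  # validates chain and host name
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "ok"
    except ssl.SSLCertVerificationError:
        return "untrusted-certificate"
    except OSError:
        return "unavailable"


def next_step(error_text, host, probe=probe_ldaps):
    if not requires_signing(error_text):
        return "bind failure is not the signing requirement"
    return {"ok": "use port 636 for this connection",
            "untrusted-certificate": "LDAPS answers but its certificate is not trusted here",
            "unavailable": "LDAPS not reachable; ask the AD admin whether SSL is enabled",
            }[probe(host)]
```

Call `next_step(error_text, "your-dc-hostname")` from the machine that runs the sync, since reachability and certificate trust depend on that host.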
*For more info on the Signing Requirements, see the following Microsoft TechNet page*
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/56044016-3123-4859-8fd9-c5a461a1c5c8.mspx