Skip to main content

NetApp_Insight_2020.png 

NetApp Knowledgebase

What impact will Microsoft ADV190023 have on SANtricity OS?

Views:
73
Visibility:
Public
Votes:
0
Category:
e-series-santricity-management-software
Specialty:
esg
Last Updated:

Applies to

  • SANtricity
  • LDAP
  • Microsoft Security Advisory: ADV190023

Answer

Microsoft Security Advisory ADV190023 changes the behavior of two registry keys:

  1. Recommendation to set LDAP Server Signing Requirements to a registry setting of 2:
Group Policy Setting Registry Setting
Off 0
None 1 (default)
Require Signing 2

 

  • Setting LDAP Server Signing Requirements to Require Signing may impact existing LDAP client configurations utilizing active-directory domain controllers.
  • Set this to None (registry setting of 1) or Off (registry setting of 0) to prevent an impact to SANtricity OS.
    • Note: Events 2886 and 2887 may be observed.
  • Set this to Require Signing (registry setting of 2) only if using LDAPS or TLS.
    • Note: Events 2888 and 2889 indicate LDAP is rejecting the SANtricity's LDAP client.
                 
  1. Recommendation to set LDAP Enforce Channel Binding to a registry setting of 1:
Group Policy Setting Registry Setting
Never 0
When Supported 1
Always 2
  • Affects LDAP over TLS or LDAPS.
  • Should have no impact on SANtricity's LDAP client.
    • Note: Setting this option in the registry to Always (registry setting of 2) will prevent SANtricity's LDAP client from authenticating.

Additional Information