NetApp Knowledge Base

Windows DC reports event ID 3039 with "Try Channel Binding For AD LDAP Connections" enabled

Applies to

  • ONTAP 9.x
  • CIFS
  • LDAPS or START-TLS

Issue

  • Starting with ONTAP 9.10.1, support for channel binding for AD LDAP over TLS was introduced.
  • Try Channel Binding For AD LDAP Connections is enabled by default:

cluster1::> cifs security show -vserver svm1

Vserver: svm1

                            Kerberos Clock Skew:                   - minutes
                            Kerberos Ticket Age:                   - hours
                           Kerberos Renewal Age:                   - days
                           Kerberos KDC Timeout:                   - seconds
                            Is Signing Required:                   -
                Is Password Complexity Required:                   -
           Use start_tls for AD LDAP connection:               false
                      Is AES Encryption Enabled:               false
                         LM Compatibility Level:  lm-ntlm-ntlmv2-krb
                     Is SMB Encryption Required:                   -
                        Client Session Security:                none
                SMB1 Enabled for DC Connections:               false
                SMB2 Enabled for DC Connections:      system-default
  LDAP Referral Enabled For AD LDAP connections:               false
               Use LDAPS for AD LDAP connection:                true
      Encryption is required for DC Connections:               false
   AES session key enabled for NetLogon channel:               false
    Try Channel Binding For AD LDAP Connections:                true

 

  • In this scenario, even with channel binding enabled, the Windows DC still reports event ID 3039:

    The following client performed an LDAP bind over SSL/TLS and failed the LDAP channel binding token validation.
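
The check below is an added example, not NetApp code: it parses `cifs security show` output in the format shown above and reports whether an SVM matches this article's scenario (channel binding attempted over TLS while the DC still logs event ID 3039). The function names and the sample text are assumptions constructed for illustration.

```python
import re

# Constructed sample: a subset of the `cifs security show` output shown above.
SAMPLE = """\
cluster1::> cifs security show -vserver svm1

Vserver: svm1

           Use start_tls for AD LDAP connection:               false
                      Is AES Encryption Enabled:               false
               Use LDAPS for AD LDAP connection:                true
    Try Channel Binding For AD LDAP Connections:                true
"""

# Field labels exactly as they appear in the output on this page.
START_TLS = "Use start_tls for AD LDAP connection"
LDAPS = "Use LDAPS for AD LDAP connection"
CHANNEL_BINDING = "Try Channel Binding For AD LDAP Connections"


def parse_cifs_security(text):
    """Return {vserver: {label: value}}; handles output covering several SVMs."""
    result, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*(.+?):\s+(\S.*?)\s*$", line)
        if not m:
            continue  # blank lines and the CLI prompt line
        label, value = m.groups()
        if label == "Vserver":
            current = result.setdefault(value, {})
        elif current is not None:
            current[label] = value
    return result


def ldap_transport(settings):
    """Summarise the AD LDAP transport; unset ('-') or missing fields count as off."""
    on = lambda label: settings.get(label, "-").lower() == "true"
    tls = "ldaps" if on(LDAPS) else "start_tls" if on(START_TLS) else None
    # Assumption from the page: channel binding applies only to LDAP over TLS.
    return {"tls": tls, "channel_binding": tls is not None and on(CHANNEL_BINDING)}


def matches_kb_scenario(settings, dc_event_ids):
    """True when the DC logs event 3039 although the SVM attempts channel binding."""
    return 3039 in dc_event_ids and ldap_transport(settings)["channel_binding"]


if __name__ == "__main__":
    for svm, settings in parse_cifs_security(SAMPLE).items():
        print(svm, ldap_transport(settings), matches_kb_scenario(settings, {3039}))
```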
