vCenter 6.5 U2h appliances with external PSC, Windows 2012 R2 domain controllers.
I have been looking more closely at what LDAP clients have been sending unsigned and/or simple binds to our domain controllers because of the enforcement changes that Microsoft will be bringing to Windows in January.
Every one of my vCenter appliances is joined to AD and is using Integrated Windows Authentication as the SSO identity source.
Any time AD Authentication occurs from vCenter, the domain controller logs event 2889, logon type 0 (meaning unsigned bind), logging in as the machine account of the vCenter.
Our vCenter SSO settings, as far as I can remember, are defaults.
I’m hoping someone else out there has been looking at the same issue and found a solution.
If all else fails, I could remove them from the domain and use LDAP over TLS, I suppose, as a last resort.
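To see which clients and accounts are behind the 2889 events described in the post, the event text can be tallied per client, identity and bind type. This is an added example, not part of the original post; it assumes the event messages have been exported as text with the standard 2889 field labels, and the sample records, addresses and account names are constructed.

```python
import re
from collections import Counter

# Binding Type values recorded in Directory Service event 2889
BIND_TYPES = {"0": "unsigned SASL bind", "1": "simple bind"}

FIELDS = {
    "client": re.compile(r"Client IP address:\s*(\S+)"),
    "identity": re.compile(
        r"Identity the client attempted to authenticate as:\s*([^\r\n]+)"),
    "bind": re.compile(r"Binding Type:\s*(\d+)"),
}

def parse_2889(message):
    """Return (client_ip, identity, bind_type), or None if a field is missing."""
    found = {}
    for name, rx in FIELDS.items():
        m = rx.search(message)
        if m is None:
            return None
        found[name] = m.group(1).strip()
    # Assumption: the client value is "address:port"; drop the ephemeral port
    # so repeated binds from one host collapse into one row.
    ip = found["client"].rsplit(":", 1)[0].strip("[]")
    bind = BIND_TYPES.get(found["bind"], "unknown (%s)" % found["bind"])
    return ip, found["identity"], bind

def summarize(messages):
    """Count events per (client, identity, bind type); also count unparsable ones."""
    counts, skipped = Counter(), 0
    for msg in messages:
        rec = parse_2889(msg)
        if rec is None:
            skipped += 1
        else:
            counts[rec] += 1
    return counts, skipped

def _msg(client, identity, bind):
    # Builds a constructed record in the layout of the 2889 message body.
    return (f"Client IP address:\n{client}\n"
            f"Identity the client attempted to authenticate as:\n{identity}\n"
            f"Binding Type:\n{bind}\n")

SAMPLE = [  # constructed data, not taken from a real domain controller
    _msg("192.0.2.10:49832", "EXAMPLE\\VCSA01$", 0),
    _msg("192.0.2.10:49901", "EXAMPLE\\VCSA01$", 0),
    _msg("192.0.2.44:50112", "EXAMPLE\\svc-app", 1),
    "truncated record without fields",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE)[0].most_common():
        print(n, *key)
```

Rows showing a machine account (name ending in `$`) with an unsigned SASL bind match the vCenter behaviour described in the post, while simple-bind rows point to clients that would need LDAP over TLS.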