Windows AD domain error LADP illegal binding

In the last 24 hours, some clients have attempted to perform the following types of LDAP bindings:
(1) SASL (negotiated, Kerberos, NTLM, or Digest) LDAP bindings that do not request signature (integrity verification), or
(2) LDAP simple bindings performed on plaintext (non-SSL/TLS encrypted) connections

This directory server is not currently configured to reject such a binding. By configuring this directory server to deny such a binding, you can significantly enhance the security of that server. For more information about how to make this configuration change to your server, see http://go.microsoft.com/fwlink/?LinkID=87923.

The following summary information about the number of bindings received in the last 24 hours is as follows.

You can enable other logging to record an event each time a client makes such a binding, including information about which client made the bind. To do this, raise the settings for the LDAP interface Events event logging category to Level 2 or higher.

Number of simple bindings executed without SSL/TLS: 3155
Number of negotiated/kerberos/ntlm/digest bindings executed without signing: 0

1 run MMC add ad Group Policy

2 Click AD Domain default Group Policy

3 Right-click Edit Group Policy

4 Click Computer Configuration-Policy-windows settings-Local Policies-security options

5 domain controller found: LADP Server signing requirements, edit enabled

The above execution, the direct restart of the server, should have no error.

This article is from the "Xspjcxx" blog, make sure to keep this source http://xspjcxx.blog.51cto.com/8768190/1612485

Windows AD domain error LADP illegal binding