Event ID: 2887 Source: ActiveDirectory_DomainService

Description
During the previous 24 hour period some clients attempted to perform LDAP binds that were either:
(1) A SASL (Negotiate Kerberos NTLM or Digest) LDAP bind that did not request signing (integrity validation) or
(2) A LDAP simple bind that was performed on a cleartext (non-SSL/TLS-encrypted) connection

This directory server is not currently configured to reject such binds.  The security of this directory server can be significantly enhanced by configuring the server to reject such binds.  For more details and information on how to make this configuration change to the server please see http://go.microsoft.com/fwlink/LinkID=87923.

Summary information on the number of these binds received within the past 24 hours is below.

You can enable additional logging to log an event each time a client makes such a bind including information on which client made the bind. To do so please raise the setting for the "LDAP Interface Events" event logging category to level 2 or higher.

Number of simple binds performed without SSL/TLS: 31
Number of Negotiate/Kerberos/NTLM/Digest binds performed without signing: 0
Comments
 
See ME935834 on how to enable LDAP signing in Windows Server 2008.
According to T941856, to resolve this, you need to configure the directory to reject LDAP binds that do not require signing. See the article for additional details.
You can ignore this message if you are not concerned about LDAP clients connecting through non-SSL/TLS channels. This is a rather new feature and not all the client computers have the ability to use SSL-encrypted communication channels with LDAP. On the other hand, if this is a requirement for your environment, you need to identify the clients and upgrade/reconfigure them accordingly.
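
One way to identify the clients behind the counts above, following the event text's advice to raise "LDAP Interface Events" to level 2. This PowerShell is an added example, not from the original page or from Microsoft. The function names are hypothetical, and the registry value name, the per-bind event ID 2889 and its field order are stated from general Windows knowledge rather than from this page.

```powershell
# Added example (not from the original page). Run elevated on the domain controller.
# Assumption: NTDS diagnostic levels live under this key, and the value
# '16 LDAP Interface Events' is the category the event text names.
$DiagKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'
$DiagName = '16 LDAP Interface Events'

function Set-LdapInterfaceLogging {            # hypothetical helper name
    param([ValidateRange(0, 5)][int]$Level = 2)
    Set-ItemProperty -Path $DiagKey -Name $DiagName -Value $Level -Type DWord
}

function Get-InsecureLdapBind {                # hypothetical helper name
    param([int]$Hours = 24)
    $filter = @{
        LogName   = 'Directory Service'
        Id        = 2889                       # per-bind event, logged at level 2 or higher
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    # Get-WinEvent raises an error when nothing matches; treat that as "no binds".
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        # Assumed 2889 field order: [0] client "IP:port", [1] account, [2] bind type.
        $client = [string]$e.Properties[0].Value
        # Cut at the last ':' so an IPv6 address keeps its own colons.
        $cut = $client.LastIndexOf(':')
        if ($cut -lt 0) { $cut = $client.Length }
        # Assumed encoding: 1 = simple bind in cleartext, 0 = SASL bind without signing.
        if ([int]$e.Properties[2].Value -eq 1) { $type = 'Simple, no SSL/TLS' }
        else { $type = 'SASL, unsigned' }
        [pscustomobject]@{
            TimeCreated = $e.TimeCreated
            ClientIP    = $client.Substring(0, $cut)
            Account     = [string]$e.Properties[1].Value
            BindType    = $type
        }
    }
}

# Usage: run the steps separately, leaving a representative collection period
# between step 1 and step 2.
#   1. Set-LdapInterfaceLogging -Level 2
#   2. Get-InsecureLdapBind -Hours 24 |
#          Group-Object ClientIP, Account, BindType |
#          Sort-Object Count -Descending | Select-Object Count, Name
#   3. Set-LdapInterfaceLogging -Level 0    # back to the default once clients are known
```

The grouped output gives one row per client address, account and bind type, which is the list to work through before configuring the server to reject such binds.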
