Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 2886 Source: ActiveDirectory_DomainService

The security of this directory server can be significantly enhanced by configuring the server to reject SASL (NegotiateKerberos NTLM or Digest) LDAP binds that do not request signing (integrity verification) and LDAP simple binds thatare performed on a cleartext (non-SSL/TLS-encrypted) connection.Even if no clients are using such binds configuring the server to reject them will improve the security of this server.

Some clients may currently be relying on unsigned SASL binds or LDAP simple binds over a non-SSL/TLS connection and will stop working if this configuration change is made.To assist in identifying these clients if such binds occur thisdirectory server will log a summary event once every 24 hours indicating how many such bindsoccurred.You are encouraged to configure those clients to not use such binds.Once no such events are observedfor an extended period it is recommended that you configure the server to reject such binds.

For more details and information on how to make this configuration change to the server please see

You can enable additional logging to log an event each time a client makes such a bind including information on which client made the bind.To do so please raise the setting for the "LDAP Interface Events" event logging category to level 2 or higher.
According to EV100630 (Event ID 2886 LDAP signing), the solution to this is to configure the directory to reject LDAP binds that do not require signing on  the DC and AD LDS servers. See the blog entry for more details.
The two GPOs to configure to remove this warning are:

- Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Network Security: LDAP client signing requirements = negotiate signing.

- Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Domain controller: LDAP server signing requirements = require signing.

See ME823659 for more details.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.