This article explains the steps to perform in case of the following error.
"Cannot register the AD server. Strong(er) authentication required."
Following traceback is seen under the inSyncSyncServer.log
[2014-07-28 04:43:26,808] [ERROR] Error <class 'inSyncLib.inSyncError.SyncError'>:Strong(er) authentication required (#10000007f). Traceback -Traceback (most recent call last): File "inSyncWWWLib\ActiveDirectory.pyc", line 206, in add File "inSyncLib\inSyncRPC.pyc", line 1626, in call File "inSyncLib\inSyncRPC.pyc", line 1610, in __safe_request File "inSyncLib\inSyncRPC.pyc", line 1554, in _safe_request File "inSyncLib\inSyncRPC.pyc", line 1546, in execute File "<string>", line 1, in <module> File "xmlrpclib.pyc", line 1224, in call File "inSyncLib\inSyncBaseRPC.pyc", line 672, in __safe_request File "inSyncLib\inSyncBaseRPC.pyc", line 757, in __issue_request SyncError: Strong(er) authentication required (#10000007f)
Log in to the AD Server and perform the following steps
- Open Group policy manager.
- Edit the Domain Controller Policy
- Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
- Look for the below two entries-
- Domain Controller: LDAP Server signing requirements.
- Network security: LDAP Client signing requirements
- Make sure these entries are set to the following values-
- Domain controller: LDAP server signing requirements = none
- Network security: LDAP client signing requirements = Negotiate
- In some environments the entry "Domain controller: LDAP server signing requirements" is set to "Require Signing".
- Change it to "none" and run a GPUPDATE /FORCE on the AD Server.
- Try to register the AD server again from the Console and this time you should be able to register it successfully.