State of knowledge

November 2024

Observation

After installing the 24H2 update on a Microsoft Windows 11 system, the ProCall search in the MetaDirectory no longer returns any results.

Possible cause

LDAP Signing mandatory as of Windows Update 24H2

With the 24H2 update, the "LDAP signing" option becomes mandatory on Windows 11. This option was previously optional.
https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/enable-ldap-signing-in-windows-server

LDAP connections are only established if the LDAP server fulfills the corresponding requirements:

"You can significantly improve the security of a directory server by configuring the server to reject Simple Authentication and Security Layer (SASL) LDAP binds that do not request signing (integrity verification), or to reject LDAP simple binds that are performed on a clear text (non-SSL/TLS-encrypted) connection. SASL binds may include protocols such as Negotiate, Kerberos, NTLM, and Digest."

MetaDirectory and LDAPS

estos MetaDirectory fulfills the above requirement.
The MetaDirectory provides an LDAPS server.

Solution/Procedure

Connection via LDAPS

The connection from the UCServer and from the ProCall clients to the MetaDirectory must be set up via LDAPS.

A valid certificate must be installed in the network.

Registry entry

Alternatively, the following parameter can be set on the Windows client PC:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ldap
ldapclientconfidentiality = 0

The PC must then be restarted.

https://www.stigviewer.com/stig/microsoft_windows_11/2023-09-29/finding/V-253463
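
To check both parts of the procedure from an affected Windows client, the following PowerShell script (an added example, not estos code) tests whether the LDAPS endpoint presents a certificate the client accepts and reports the current state of the registry value named above. The host name and port are placeholders and must be replaced with the values configured for your MetaDirectory.

```powershell
# Added example. $Server and $Port are placeholders, not estos defaults.
param(
    [string]$Server = 'metadirectory.example.local',
    [int]$Port = 636   # assumption: replace with the LDAPS port configured in MetaDirectory
)

function Test-LdapsCertificate {
    param([string]$Server, [int]$Port)
    $tcp = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $tcp.Connect($Server, $Port)
        # No custom validation callback: Windows applies its normal checks
        # (trusted chain, validity period, host name match).
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        $ssl.AuthenticateAsClient($Server)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        [pscustomobject]@{
            Endpoint = "${Server}:$Port"; Valid = $true
            Subject  = $cert.Subject;     Issuer = $cert.Issuer
            NotAfter = $cert.NotAfter;    Protocol = $ssl.SslProtocol; Error = $null
        }
    }
    catch {
        # Connection refused, untrusted chain, expired or name-mismatched certificate
        [pscustomobject]@{
            Endpoint = "${Server}:$Port"; Valid = $false
            Subject  = $null; Issuer = $null; NotAfter = $null; Protocol = $null
            Error    = $_.Exception.GetBaseException().Message
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

function Get-LdapClientConfidentiality {
    # Key and value name as given in this article
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\ldap'
    $prop = Get-ItemProperty -Path $key -Name 'ldapclientconfidentiality' -ErrorAction SilentlyContinue
    if ($null -eq $prop) { 'not set' } else { $prop.ldapclientconfidentiality }
}

Test-LdapsCertificate -Server $Server -Port $Port | Format-List
"ldapclientconfidentiality: $(Get-LdapClientConfidentiality)"
```

If `Valid` is `False`, the `Error` field shows why the client rejected the connection, which is the first thing to resolve before switching UCServer and the ProCall clients to LDAPS.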