During the previous 24 hour period, some clients attempted to perform LDAP binds that were either: (1) A SASL (Negotiate, ...

During the previous 24 hour period, some clients attempted to perform LDAP binds that were either:

(1) A SASL (Negotiate, Kerberos, NTLM, or Digest) LDAP bind that did not request signing (integrity validation), or

(2) A LDAP simple bind that was performed on a cleartext (non-SSL/TLS-encrypted) connection



This directory server is configured to reject such binds.  This is the recommend configuration setting, and significantly 
enhances the security of this server.  For more details, please see http://go.microsoft.com/fwlink/?LinkID=87923.



Summary information on the number of such binds received within the past 24 hours is below.



You can enable additional logging to log an event each time a client makes such a bind, including information
on which client made the bind.  To do so, please raise the setting for the "LDAP Interface Events" event logging category
to level 2 or higher.



Number of simple binds rejected because they were performed without SSL/TLS: %1

Number of Negotiate/Kerberos/NTLM/Digest binds rejected because they were performed without signing: %2