Sage X3 Tips: The Upcoming Microsoft LDAP Security Update

By: | Category: ERP

A Windows security update planned by Microsoft to be available in March 2020 will enable LDAP channel binding and LDAP signing hardening for Active Directory. For more information about this update see the official Microsoft announcement.

Sage X3 environments configured to connect to Active Directory with LDAPS for user authentication or synchronization will continue to work normally.

However Sage X3 environments configured to connect to Active Directory with simple LDAP binding will encounter the following error once the security update is in effect:

'Connection error: StrongAuthRequiredError: 00002028: LdapErr: DSID-0C090200,
comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v3839'

For supported Sage X3 versions (U9, V11, V12), updating the Sage X3 configuration to use LDAPS instead of LDAP and avoid this error is described below:

  • Obtain the Active Directory CA certificate
    • For example from the host holding the ADCS role open the ‘Certificates’ snap-in in the Microsoft Management Console (mmc), then export the AD CA certificate from Personal/Certificates of the local computer.
    • The certificate must be in base-64 format and not contain the private key.
  • In Sage X3 go to ‘Administration > Administration > Certificates > Certificates of Certification Authorities’
  • Select ‘Actions > New CA Certificate’
  • Enter a name, description and upload the CA certificate exported previously
  • Select ‘Actions > Save’
  • Go to ‘Administration > Administration > Authentication > LDAP Servers’
  • Click on the connection to edit
  • Select ‘Actions > Edit’
  • Set the correct protocol (ldaps) and port (636 or 3269) in the URL
  • Click on the looking glass icon under ‘CA certificates of LDAP server for TLS’
  • Select the CA certificate created previously, and then OK
  • Select ‘Actions > Save’
  • Selecting ‘Actions > Connection test’ should say ‘Connection OK’

For unsupported Sage X3 versions with LDAPS functionality (between V7P11 and U9), we advise to set up a test environment to check the compatibility of Sage X3 and the new security parameters described in the Microsoft announcement.

Sage X3 versions prior to V7P11 do not support LDAPS. In this case the only way to keep Sage X3 connected to Active Directory will be to configure the new security parameters described in the Microsoft announcement back to their previous values. This is not recommended and we encourage you to upgrade to a more recent Sage X3 version instead.
Need Help?

If you have any questions, or if you require assistance, please contact us or call the Net at Work HelpDesk: 888-494-9479.

Other Posts You May Like

Chemical Manufacturer Maximizes Technology’s Benefits Through Strategic Partnership with Net at Work

Since 1979, Polycoat Products has transformed from a modest industrial coatings manufacturer to a multi-entity powerhouse. Today, the company boasts over one million square feet of manufacturing space, a vast distribution network, and a robust workforce dedicated to continuous innovation….

Growth in the CFO Office: AI & the Importance of Data

I was fortunate to have two days in Phoenix last week attending the Prophix Live conference.  It was one of the only times I have been to a conference without any colleagues from Net at Work and it was a…

Quick Start Package: Sage Data & Analytics in the Cloud

Reduce time spent on analysis and reporting, and make faster, better-informed decisions. The tight and secure integration of Sage Data & Analytics (SD&A) with Sage ERP† ensures the reliability of critical business information, provides business users with coherent insight on…

   Sage X3