
Microsoft LDAP Security Update

New Microsoft Security Updates May Affect Your UC Deployment

Microsoft is updating the security requirements for integrating with Microsoft Active Directory over LDAP: domain controllers can be configured to require LDAP signing and LDAP channel binding, and once signing is required a simple bind over a cleartext (non-TLS) LDAP connection is rejected.  Many UC deployments still bind to Active Directory over cleartext LDAP (typically port 389) and are therefore not in compliance with the new requirements.  This could affect Finesse, the Self-Care Portal, Mobile Remote Access, Jabber and more.  When the changes take effect, authentication and directory services that rely on Microsoft Active Directory will break.  For example, Contact Center agents will not be able to log in to Finesse to service your customers.  For more information about the changes please read 2020 LDAP channel binding and LDAP signing requirements for Windows by Microsoft.

We’ve developed the following steps you can use to verify the compliance of common deployments.  In every case the requirement is the same: each LDAP Directory and LDAP Authentication configuration that points at Active Directory must have ‘Use TLS’ enabled (LDAP over TLS, normally port 636), and the Cisco server must trust the certificate chain the domain controller presents.  For additional products and details please read Cisco Software Advisory: Secure LDAP Mandatory for Active Directory Connections.
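The steps on this page check compliance from the Cisco side.  The following PowerShell script is an added example (it is not from this page, from Cisco or from Microsoft) that checks the same thing from the Active Directory side: run on a domain controller, it reports whether LDAP signing and channel binding are currently enforced, makes sure Event ID 2889 logging is enabled, and summarises which clients (by IP address and bind identity) have recently performed simple binds over cleartext LDAP, which is exactly the traffic a Unified CM or Unity Connection server without ‘Use TLS’ generates.  The registry value names, the ‘16 LDAP Interface Events’ diagnostics setting and the Event 2889 property layout are taken from Microsoft’s guidance for the 2020 change and are assumptions of this example, not statements made on this page.

```powershell
# Added example, not part of the original page. Run in an elevated PowerShell
# session on a domain controller. Assumptions (not on the page): the registry
# value names, the '16 LDAP Interface Events' diagnostics setting and the
# Event 2889 property order follow Microsoft's guidance for the 2020 change.
param([int]$Hours = 24)   # how far back to look for Event 2889

$ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$diag = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'

# 1. Current enforcement state on this DC.
#    LDAPServerIntegrity:       1 = none, 2 = require signing (rejects cleartext simple binds).
#    LdapEnforceChannelBinding: 0 = never, 1 = when supported, 2 = always.
$signing = (Get-ItemProperty -Path $ntds -Name LDAPServerIntegrity -ErrorAction SilentlyContinue).LDAPServerIntegrity
$cbt     = (Get-ItemProperty -Path $ntds -Name LdapEnforceChannelBinding -ErrorAction SilentlyContinue).LdapEnforceChannelBinding
$signingText = if ($null -eq $signing) { 'not set' } elseif ($signing -ge 2) { "$signing (cleartext simple binds are REJECTED)" } else { "$signing (cleartext simple binds still accepted)" }
$cbtText     = if ($null -eq $cbt)     { 'not set' } else { "$cbt" }
Write-Host "LDAPServerIntegrity       = $signingText"
Write-Host "LdapEnforceChannelBinding = $cbtText"

# 2. Event 2889 (one event per unsigned or cleartext bind, naming the client) is
#    only written when the LDAP Interface Events diagnostics level is 2 or higher.
$level = (Get-ItemProperty -Path $diag -Name '16 LDAP Interface Events' -ErrorAction SilentlyContinue).'16 LDAP Interface Events'
if ($null -eq $level -or $level -lt 2) {
    Write-Warning "LDAP Interface Events level is '$level'; enable Event 2889 logging with:"
    Write-Warning "  Set-ItemProperty -Path '$diag' -Name '16 LDAP Interface Events' -Value 2"
}

# 3. Summarise who is still binding insecurely. Assumed property layout:
#    Properties[0] = client IP:port, [1] = identity used for the bind,
#    [2] = binding type (0 = simple bind over cleartext, 1 = SASL bind without signing).
$filter = @{ LogName = 'Directory Service'; Id = 2889; StartTime = (Get-Date).AddHours(-$Hours) }
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
if ($events.Count -eq 0) {
    Write-Host "No Event 2889 in the last $Hours hours (either nothing binds insecurely, or logging is off)."
    return
}

$events |
    ForEach-Object {
        [pscustomobject]@{
            # Strip the trailing source port; the regex works for IPv4 and IPv6 addresses.
            Client   = ([string]$_.Properties[0].Value) -replace ':\d+$', ''
            Identity = [string]$_.Properties[1].Value
            BindType = $(if ([string]$_.Properties[2].Value -eq '0') { 'simple bind, cleartext' } else { 'SASL bind, unsigned' })
        }
    } |
    Group-Object Client, Identity, BindType |
    Sort-Object Count -Descending |
    ForEach-Object {
        [pscustomobject]@{
            Binds    = $_.Count
            Client   = $_.Group[0].Client
            Identity = $_.Group[0].Identity
            BindType = $_.Group[0].BindType
        }
    } |
    Format-Table -AutoSize
```

Run it on each domain controller before ‘Require signing’ is turned on.  Any Unified CM or Unity Connection server that shows up with ‘simple bind, cleartext’ is one whose LDAP Directory or LDAP Authentication configuration still lacks ‘Use TLS’; the identity column tells you which service account that configuration uses.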

Compliance Verification Steps for Cisco Unified Communications Manager

LDAP System Configuration

  1. In the CM Administration page navigate to: System > LDAP > Directory > LDAP System
  2. Verify ‘Enable Synchronizing from LDAP Server’ is checked
  3. Verify ‘LDAP Server Type’ is ‘Microsoft Active Directory’
  4. If both of those are true, continue and check the Directory and Authentication Configurations.

Directory Configuration

  1. In the CM Administration page navigate to: System > LDAP > Directory > LDAP Directory
  2. Click Find
  3. Select the LDAP Configuration Name
  4. In the ‘LDAP Server Information’ section verify that the ‘Use TLS’ check box is checked for every LDAP server listed, and that the LDAP port is the TLS port (normally 636).
  5. Repeat this process for any additional LDAP Configurations.

Authentication Configuration

  1. In the CM Administration page navigate to: System > LDAP > Directory > LDAP Authentication
  2. Verify ‘Use LDAP Authentication for End Users’ is checked.
  3. In the ‘LDAP Server Information’ section verify that the ‘Use TLS’ check box is checked for every LDAP server listed, and that the LDAP port is the TLS port (normally 636).

Compliance Verification Steps for Cisco Unity Connection

LDAP System Configuration

  1. In the Unity Connection Administration page navigate to: System Settings > LDAP > Directory > LDAP System
  2. Verify ‘Enable Synchronizing from LDAP Server’ is checked
  3. Verify ‘LDAP Server Type’ is ‘Microsoft Active Directory’
  4. If both of those are true, continue and check the Directory and Authentication Configurations.

Directory Configuration

  1. In the Unity Connection Administration page navigate to: System Settings > LDAP > Directory > LDAP Directory
  2. Click Find
  3. Select the LDAP Configuration Name
  4. In the ‘LDAP Server Information’ section verify that the ‘Use TLS’ check box is checked for every LDAP server listed, and that the LDAP port is the TLS port (normally 636).
  5. Repeat this process for any additional LDAP Configurations.

Authentication Configuration

  1. In the Unity Connection Administration page navigate to: System Settings > LDAP > Directory > LDAP Authentication
  2. Verify ‘Use LDAP Authentication for End Users’ is checked.
  3. In the ‘LDAP Server Information’ section verify that the ‘Use TLS’ check box is checked for every LDAP server listed, and that the LDAP port is the TLS port (normally 636).