AUO Fails to Bind to an LDAP Server With Error 80020009 When Using NTLM (239835)

RESOLUTION

To resolve this problem, obtain the latest service pack for Site Server 3.0. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

219292 How to Obtain the Latest Site Server 3.0 Service Pack

MORE INFORMATION

Using clear text authentication is a security concern when AUO is on a server other than the LDAP service. With the fix, NTLM is tried first, then cleartext.

Also, there is a new registry parameter that forces NTLM to be used exclusively.

Start Registry Editor (Regedt32.exe).

Locate the following key in the registry:

   HKEY_LOCALE_MACHINE\Software\Microsoft\Site Server\3.0\P&M\AUO\<serverinstance>\

On the Edit menu, click Add Value, and then add the following registry value:

   Value Name: AUOSecureBind.
   Data Type:  REG_DWORD
   Value:      Enter any non-zero value to only use NTLM.

Quit Registry Editor.

NOTES:

Microsoft Active Directory Service Interfaces (ADSI) version 2.5 is required for this fix to work.

The privileged account that the AUO uses for authentication with the LDAP needs to be a domain account (by default AUO creates a local account on the LDAP computer, but that needs to be changed to some domain account that has permissions on the LDAP server).

AUO Fails to Bind to an LDAP Server With Error 80020009 When Using NTLM (239835)

SYMPTOMS

CAUSE

WORKAROUND

RESOLUTION

STATUS

MORE INFORMATION