Microsoft KB Archive/239835

= AUO Fails to Bind to an LDAP Server With Error 80020009 When Using NTLM =

Article ID: 239835

Article Last Modified on 9/22/2005


APPLIES TO


 * Microsoft Site Server 3.0 Standard Edition




This article was previously published under Q239835



SYMPTOMS
AUO (Active User Object) may fail to bind to a Lightweight Directory Access Protocol (LDAP) server, generating error 80020009, when using Microsoft Windows NT LAN Manager security (NTLM).



CAUSE
By default, AUO binds only with clear text authentication (basic authentication).



WORKAROUND
Use Secure Sockets Layer (SSL).



RESOLUTION
To resolve this problem, obtain the latest service pack for Site Server 3.0. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

219292 How to Obtain the Latest Site Server 3.0 Service Pack



STATUS
This problem was first corrected in Site Server 3.0 Service Pack 3.



MORE INFORMATION
Clear text authentication is a security concern when AUO runs on a different server from the LDAP service, because the bind credentials then cross the network unprotected. With the fix, NTLM is tried first, then clear text.

Also, there is a new registry parameter that forces NTLM to be used exclusively.

1. Start Registry Editor (Regedt32.exe).
2. Locate the following key in the registry:
   HKEY_LOCAL_MACHINE\Software\Microsoft\Site Server\3.0\P&M\AUO\ \
3. On the Edit menu, click Add Value, and then add the following registry value:
   Value Name: AUOSecureBind
   Data Type: REG_DWORD
   Value: Enter any non-zero value to only use NTLM.
4. Quit Registry Editor.

NOTES:

Microsoft Active Directory Service Interfaces (ADSI) version 2.5 is required for this fix to work.

The privileged account that AUO uses to authenticate with the LDAP server needs to be a domain account. By default, AUO creates a local account on the LDAP computer; change this to a domain account that has permissions on the LDAP server.

Keywords: kbbug kbfix kbqfe kbhotfixserver KB239835


© Microsoft Corporation. All rights reserved.