Overview
This article explains the steps to perform in case of the following error.
Error
"Cannot register the AD server. Strong(er) authentication required."
Following traceback is seen under the inSyncSyncServer.log
[2014-07-28 04:43:26,808] [ERROR] Error <class 'inSyncLib.inSyncError.SyncError'>:Strong(er) authentication required ( #10000007 f). Traceback -Traceback (most recent call last): File "inSyncWWWLib\ActiveDirectory.pyc", line 206, in add File "inSyncLib\inSyncRPC.pyc", line 1626, in call File "inSyncLib\inSyncRPC.pyc", line 1610, in __safe_request File "inSyncLib\inSyncRPC.pyc", line 1554, in _safe_request File "inSyncLib\inSyncRPC.pyc", line 1546, in execute File "<string>", line 1, in <module> File "xmlrpclib.pyc", line 1224, in call File "inSyncLib\inSyncBaseRPC.pyc", line 672, in __safe_request File "inSyncLib\inSyncBaseRPC.pyc", line 757, in __issue_request SyncError: Strong(er) authentication required ( #10000007 f)
Resolution
Log in to the AD Server and perform the following steps
Open Group policy manager.
Edit the Domain Controller Policy
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Look for the below two entries-
Domain Controller: LDAP Server signing requirements.
Network security: LDAP Client signing requirements
Make sure these entries are set to the following values-
Domain controller: LDAP server signing requirements= none
Network security: LDAP client signing requirements= Negotiate
In some environments the entry "Domain controller: LDAP server signing requirements" is set to "Require Signing".
Change it to "none" and run a GPUPDATE /FORCE on the AD Server.
Try to register the AD server again from the Console and this time you should be able to register it successfully.