I recently upgraded my Domain Controller to Server 2025. Not long after the upgrade, I noticed I could no longer sign into vSphere with AD accounts. Under Single Sign On in vCenter Server, against my domain I saw the following error message:
A vCenter Single Sign-On service error occurred
Under the configuration for LDAP Identity Source, if I tried to edit and save I saw an error similar to:
Caused by: Strong(er) authentication required
I figured it might be to do with stronger security requirements in Server 2025. For production environments you really should be using LDAPS, but given this is a homelab I’m happy enough with regular LDAP, plus it’s easier to configure.
The workaround is to create a new Group Policy (or edit an existing one) and configure the following settings under:
Computer Configuration > Policies > Security Settings > Local Policies > Security Options.
Domain controller: LDAP server channel binding token requirements – “When Supported”
Domain controller: LDAP server signing requirements – “None”
Domain controller: LDAP server Enforce signing requirements – “Disabled”
Network security: LDAP client encryption requirements – “Negotiate Sealing”
Network security: LDAP client signing requirements – “Negotiate Signing”
Once configured, run gpupdate /force and reboot; the vSphere LDAP configuration should then be working again.
As a reminder – not recommended in a production environment where you should be using LDAPS, but for a homelab or similar environment you could use the above workaround.
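To confirm the relaxed policy actually applied, and to see which clients (vCenter included) are binding without signing or over cleartext, the following can be run in an elevated PowerShell session on the domain controller. This is an added example, not part of the original post; it assumes the standard NTDS registry values and Directory Service event ID 2889, and the 7-day window is an arbitrary choice.

```powershell
# Added example: audit LDAP signing settings and unsigned binds on a domain controller.
$ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS'

# Effective server-side values behind two of the policies listed above.
#   LDAPServerIntegrity:       1 = None, 2 = Require signing
#   LdapEnforceChannelBinding: 0 = Never, 1 = When supported, 2 = Always
$params = Get-ItemProperty -Path "$ntds\Parameters"
[pscustomobject]@{
    LDAPServerIntegrity       = $params.LDAPServerIntegrity
    LdapEnforceChannelBinding = $params.LdapEnforceChannelBinding
}

# Event 2889 is only written when LDAP interface diagnostics are at level 2 or higher.
$diag = Get-ItemProperty -Path "$ntds\Diagnostics"
if ($diag.'16 LDAP Interface Events' -lt 2) {
    Write-Warning "Set '16 LDAP Interface Events' to 2 under $ntds\Diagnostics to log event 2889."
}

# Event 2889 records each bind made without signing, or as a simple bind
# over a cleartext connection. Summarise them per client and account.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Directory Service'
    Id        = 2889
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Client   = ($_.Properties[0].Value -replace ':\d+$')  # strip source port
            Account  = $_.Properties[1].Value                     # identity used for the bind
            BindType = $_.Properties[2].Value                     # raw binding type from the event
        }
    } |
    Group-Object Client, Account, BindType |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Every client that shows up here will break if signing is enforced again, so the list doubles as the to-do list for moving to LDAPS.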