vCenter SSO LDAP integration failing with Server 2025

I recently upgraded my Domain Controller to Windows Server 2025. Not long after the upgrade, I noticed I could no longer sign in to vSphere with AD accounts. Under Single Sign On in vCenter Server, against my domain I saw the following error message:

A vCenter Single Sign-On service error occurred

Under the configuration for the LDAP identity source, if I tried to edit and save, I saw an error similar to:

Caused by: Strong(er) authentication required

I figured it might be to do with stronger security requirements in Server 2025. For production environments you really should be using LDAPS, but given this is a homelab I’m happy enough with regular LDAP, plus it’s easier to configure.

The workaround is to create a new Group Policy Object (or edit an existing one) that applies to the domain controllers, for example the Default Domain Controllers Policy, and configure the following settings under:

Computer Configuration > Policies > Security Settings > Local Policies > Security Options.

Domain controller: LDAP server channel binding token requirements – “When Supported”
Domain controller: LDAP server signing requirements – “None”
Domain controller: LDAP server Enforce signing requirements – “Disabled”
Network security: LDAP client encryption requirements – “Negotiate Sealing”
Network security: LDAP client signing requirements – “Negotiate Signing”

Once configured, run gpupdate /force on the domain controller and reboot it; the vSphere LDAP identity source should then work again.
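The "Strong(er) authentication required" message is LDAP result code 8 (strongerAuthRequired): the domain controller returns it when it requires LDAP signing and the client performs a simple bind over plain LDAP on port 389, which is what vCenter does for an LDAP (not LDAPS) identity source. Before or after applying the GPO above, it is worth checking what the DC is actually enforcing and which clients are still binding unsigned. The following PowerShell is an added example and not part of the original post; run it in an elevated session on the Server 2025 domain controller. It reads the registry values the two "Domain controller: LDAP server ..." policies write, enables the LDAP interface diagnostic logging that produces Directory Service event 2889 for each unsigned or simple bind, lists the clients it has caught in the last 24 hours, and tests whether the DC already answers on 636 so the identity source could be switched to LDAPS instead. The registry paths, value names and the event 2889 message fields are Microsoft's documented ones; the 24-hour window is an arbitrary choice.

```powershell
# Added example (not from the original post). Run elevated on the Server 2025 DC.
$ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$diag = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'

# Values written by the GPO settings:
#   LDAPServerIntegrity       1 = None, 2 = Require signing
#   LdapEnforceChannelBinding 0 = Never, 1 = When supported, 2 = Always
# If a value is absent the operating system default applies, which on Server 2025 is the strict one.
$signing = (Get-ItemProperty -Path $ntds -Name LDAPServerIntegrity -ErrorAction SilentlyContinue).LDAPServerIntegrity
$cbt     = (Get-ItemProperty -Path $ntds -Name LdapEnforceChannelBinding -ErrorAction SilentlyContinue).LdapEnforceChannelBinding

$signingText = switch ($signing) { 1 { 'None' } 2 { 'Require signing' } default { 'not set (OS default applies)' } }
$cbtText     = switch ($cbt)     { 0 { 'Never' } 1 { 'When supported' } 2 { 'Always' } default { 'not set (OS default applies)' } }
Write-Host "LDAP server signing requirements       : $signingText"
Write-Host "LDAP server channel binding requirement: $cbtText"

# '16 LDAP Interface Events' = 2 makes the DC log event 2889 for every unsigned SASL bind or
# simple bind over clear text (event 2887 is the 24-hour summary). Set it back to 0 when done.
Set-ItemProperty -Path $diag -Name '16 LDAP Interface Events' -Value 2 -Type DWord

# Clients that bound without signing in the last 24 hours. A vCenter identity source still
# configured for plain LDAP shows up here under the bind account it uses.
$since = (Get-Date).AddHours(-24)
Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 2889; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Event 2889 text contains "Client IP address: <ip>:<port>" and
        # "Identity the client attempted to authenticate as: <account>".
        $ip = if ($_.Message -match 'Client IP address:\s*(\S+)') { $Matches[1] } else { '?' }
        $id = if ($_.Message -match 'authenticate as:\s*(\S+)')   { $Matches[1] } else { '?' }
        [pscustomobject]@{ Time = $_.TimeCreated; Client = $ip; Identity = $id }
    } | Sort-Object Time -Descending | Format-Table -AutoSize

# Is LDAPS already available? If 636 answers, vCenter can be pointed at ldaps://<dc-fqdn>:636
# with the issuing CA certificate uploaded, and the DC can stay on 'Require signing'.
$fqdn  = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$ldaps = Test-NetConnection -ComputerName $fqdn -Port 636 -WarningAction SilentlyContinue
if ($ldaps.TcpTestSucceeded) {
    Write-Host "LDAPS (636) on ${fqdn}: listening"
} else {
    Write-Host "LDAPS (636) on ${fqdn}: not listening (the DC needs a server authentication certificate first)"
}
```

Run it once before changing the GPO to see the enforced defaults and the 2889 entries for the vCenter appliance, and again after gpupdate /force and the reboot to confirm the values took effect. If 636 is already listening, switching the identity source to LDAPS is usually less work than maintaining the weakened policy.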

As a reminder: this is not recommended in a production environment. Setting the server signing requirement to "None" lets clients bind unsigned over plain LDAP on port 389, so the bind account's password vCenter uses crosses the network in clear text and the session can be tampered with in transit, which is exactly what the Server 2025 defaults are there to stop. In production, use LDAPS (port 636, with the DC's certificate chain trusted by vCenter) and leave the domain controller policies at their defaults; for a homelab or similar environment you could use the above workaround.
