jspωiki
Event 2889

Overview#

Event 2889 (DIRLOG_UNSIGNED_CLIENT_DETAILS) is an Windows Security Log Event within the Microsoft Windows Logging indicating the DUA (clients) which performed an insecure Bind Request without LDAPServerIntegrity

Event 2889 reports the Client's IP Address of Bind Requests without LDAPServerIntegrity of the LDAP Message

From what Ldapwiki can determine this is done regardless of weather this Domain Controller is configured to reject Bind Request without LDAPServerIntegrity

Windows Security Log Event Message#

The messages is similar to:
The following client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification), or performed a simple bind over a cleartext (non-SSL/TLS-encrypted) LDAP connection. Client IP address: "Value" Identity the client attempted to authenticate as: "Value"

More Information#

There might be more information for this subject on one of the following: