Description
Describe the bug
Module fails to fully validate against Windows Server 2019 AD. When trying to configure the module settings it always fails on the Checking Root Domain step but the Accessing Global Catalog and Accessing LDAP pass. We can see in the logs that the module successfully connects and pulls the user's information from AD but then fails on password validation. If we load the URL directly it kicks up the user/password prompt which does work for authentication.
/DesktopModules/AuthenticationServices/ActiveDirectory/WindowsSignin.aspx
The error we find in the logs for trying to save the settings or logging in is "A more secure authentication method is required for this server" which a variety of web searches suggest this might have to do with LDAP channel binding and LDAP signing.
We've tried a variety of root domains settings using DC=LAB,DC=GROUP,DC=UNIVERSITY,DC=EDU and LDAP:// and LDAPS://LAB.GROUP.UNIVERSITY.EDU and they all fail on the Checking Root Domain step. We've also tried every Authentication Type too and none of them fix it.
Software Versions
- DNN: 09.04.04
- DNN: 09.07.00
- Module: 07.00.00
Screenshots
Error log
The below error is kicked out when trying to save the settings for the module to connect to our AD and also when trying to login.
AbsoluteURL:/Default.aspx
DefaultDataProvider:DotNetNuke.Data.SqlDataProvider, DotNetNuke
ExceptionGUID:a79338bc-e733-467c-ad09-dc287a6ce131
AssemblyVersion:
PortalId:-1
UserId:-1
TabId:-1
RawUrl:
Referrer:
UserAgent:
ExceptionHash:jWdkvuz8cHe6slf4z5+CKSx2sDE=
Message:A more secure authentication method is required for this server.
StackTrace:
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_Name()
at DotNetNuke.Authentication.ActiveDirectory.ADSI.Utilities.GetRootEntry(Path ADSIPath)
InnerMessage:
InnerStackTrace:
Source:System.DirectoryServices
FileName:
FileLineNumber:0
FileColumnNumber:0
Method:
Activity