Forum Discussion

01189998819991197253's avatar
01189998819991197253
Copper Contributor
Sep 28, 2023

Why does KB5026409 cause SASL EXTERNAL to fail?

I have an Active Directory server running Windows Server 2012 R2. My Android app connects to the server, authenticating using SASL EXTERNAL bind with a certificate issued by the server's CA.

After installing patch KB5026409, the attempt to do the SASL EXTERNAL bind failed with the error "The server did not receive any credentials via TLS". Wireshark packet capture showed that the server did indeed ask for and receive the client certificate during the TLS handshake, so this error does not make sense to me.

Installation of further security and cumulative updates did not resolve this issue. However, uninstalling KB5026409 restores the ability to authenticate via SASL EXTERNAL bind.

Do I need to make some configuration or registry changes in order to support SASL EXTERNAL bind after installing this KB?

 

I am copying this post from the other forum as requested by another user: https://learn.microsoft.com/en-us/answers/questions/1373156/why-does-kb5026409-cause-sasl-external-to-fail

 

  • rbrittner's avatar
    rbrittner
    Copper Contributor
    encounter same issue with Windows 2016. Trying to identify which cumulative update from Microsoft includes this KB so we can roll it back. We patched up to Sept 2023 still fails.
    • rbrittner's avatar
      rbrittner
      Copper Contributor
      Well after rolling back cumulative security patches I found May 9th cumulative security patch is where my LDAP breaks. The patch included in Security Patch for May corrects CVE-2023-28283, My question is there a work around for it or a fix. Here is the error I get after I patch our Domain Controllers..

      Error:
      javax.naming.AuthenticationException: [LDAP: error code 49 - 80090317: LdapErr: DSID-0C090645, comment: The server did not receive any credentials via TLS, data 0, v3839]; remaining name 'ou=xxx,dc=yyy,dc=zzzz,dc=aa,dc=ssss,dc=nnn'

Resources