Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Impact of 2020 LDAP Channel Binding and LDAP Signing Requirements for Windows on Trend Micro Web Security (TMWS) 3.0

    • Updated:
    • 17 Mar 2020
    • Product/Version:
    • Trend Micro Web Security 3.0
    • Platform:
    • N/A
Summary

According to this Security Advisory, Microsoft provides recommendations for administrators to harden the configurations for LDAP channel binding and LDAP signing on Active Directory domain controllers.

Because of that, Trend Micro has delivered new versions of the Synchronization Agent and the Authentication Agent for Trend Micro Web Security 3.0.

Details
Public

Recommended Actions

Customers who are using either the Synchronization Agent or the Authentication Agent can follow the steps below.

 
Customers who do NOT use either of these agents will not need to apply any change on their side.
 
  1. Back up the current Sync Agent UI settings before running the following steps.
  2. Download the latest Sync Agent from the TMWS Admin console after 10th March 2020.
  3. Uninstall the existing Sync Agent.
  4. Install the new Sync Agent.
  5. Change the configuration as follows:
    1. Navigate to [Sync agent installation path]\Trend Micro\InterScan Web Security as a Service\ADSyncAgent\.
    2. Open the ldapSync.ini file using a text editor.
    3. Look for "ldaps", and change the value to 1.
    4. Save the file.
  6. Recover the UI settings backed up during step 1.
  7. Start the Sync agent and try a manual synchronization once.
  1. Back up the current Auth Agent UI settings before running the following steps.
     
    It is recommended to perform the following steps during a maintenance window in order to not impact live traffic.
     
  2. Download the latest Auth Agent from the TMWS Admin console after 10th March 2020.
  3. Run the following command via command line on the server where the Auth agent is installed (you must run it as an administrator):
    taskkill.exe /f /T /fi "SERVICES eq IWSaaSAuthAgent"
  4. Uninstall the existing Auth Agent.
  5. Install the new Auth Agent.
  6. Change the configuration as follows:
    1. Navigate to [Auth agent installation path]\Trend Micro\InterScan Web Security as a Service\AuthenticationAgent\simplesamlphp\config\.
    2. Open the ldap.ini file using a text editor.
    3. Look for "ldaps", and change the value to 1.
    4. Save the file.
  7. Recover the UI settings backed up during step 1.
  8. Start the Auth agent and try to authenticate as an end-user once.

For any concern, contact Trend Micro Technical Support.

Premium
Internal
Partner
Rating:
Category:
Troubleshoot
Solution Id:
000247155
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.