After double-checking the messages captured by Wireshark, I found that I had misunderstood the protocol version Wireshark reported: it was TLS 1.2 and 1.3. Thanks for your help!
Why Windows Server 2025 always uses TLS 1.0 to connect to remote LDAP Server?
Hi all,
I ran into an issue on Windows Server 2025 Standard (Version: 24H2, OS Build: 26100.2314, Experience: Windows Feature Experience Pack 1000.26100.32.0) when trying to connect to an LDAP server.
I wrote a C++ tool that uses 'ldap_sslinit' to initialize an LDAP connection and then 'ldap_connect' to connect to a remote LDAP server. The tool is run on Windows Server 2025. Unexpectedly, ldap_connect returns 0x51 (LDAP_SERVER_DOWN). I used Wireshark to capture the LDAP traffic, and I found that the Windows Server 2025 machine tries to use TLS 1.0 to say hello to the LDAP server. After double-checking the TLS settings in the registry, TLS 1.0 and 1.1 are disabled and TLS 1.2 and 1.3 are enabled by default.
The same test was done on Windows 11 Enterprise (Version: 21H2, OS Build: 22000.3260, Experience: Windows Feature Experience Pack 1000.22004.1000.0), and the LDAP server could be connected to correctly. The TLS protocol versions enabled by default are 1.2 and 1.3. When connecting to the LDAP server, the Windows 11 machine uses TLS 1.2 to say hello to the LDAP server.
TLS 1.0 should be disabled by default on Windows Server 2025 according to the following link:
https://learn.microsoft.com/en-us/windows-server/get-started/removed-deprecated-features-windows-server-2025
Could someone give me some detailed information on why Windows Server 2025 uses TLS 1.0 when connecting to an LDAP server?
Thanks a lot!
-
Anonymous
2024-11-21T05:48:21+00:00
-
Anonymous
2024-11-15T14:17:50+00:00
Hi ISxuezha,
I suggest that you use Group Policy to disable the TLS protocol.
Press Windows+R and enter gpedit.msc.
In Group Policy, open [Computer Configuration] - [Administrative Templates] - [Windows Components] - [Internet Explorer] - [Internet Control Panel] - [Advanced Page] in sequence.
Find "Disable encryption support" on the right and set it to Enabled. Set the protocol combination to TLS 1.0.
Then click OK and restart the computer to see if the issue is resolved.
Best Regards
Zunhui
-
Anonymous
2024-11-18T02:50:21+00:00
Hi Zunhui,
Thanks for your help, but after changing "Turn off encryption support" to Enabled and setting the protocol combination to TLS 1.0, Wireshark is still capturing TLS 1.0 messages when connecting to the LDAP server.
-
Anonymous
2024-11-18T08:11:05+00:00
Hi Zunhui,
Thanks for your reply. I have double checked the settings you mentioned and found that TLS 1.0 is not selected.