MS14-066 Windows Server (2008, 2008R2, 2012, 2012R2) security update breaks winsync replication agreement for IPA and Directory Server

Solution Verified - Updated -

Issue

Red Hat IPA or Red Hat Directory Server cannot create a new winsync agreement after updating the Windows server.

Red Hat IPA or Red Hat Directory Server can no longer synchronize entries over an existing winsync agreement after updating the Windows server.

The MS14-066 security update for Windows Server systems (2008, 2008R2, 2012, 2012R2) enforces the use of TLS 1.1+ on all incoming connections. As a result, IPA cannot establish a winsync replication agreement with the Active Directory LDAP service.

Environment

Red Hat Enterprise Linux 6 and IPA v3
Red Hat Enterprise Linux 7 and IPA v4
Red Hat Directory Server 8
Red Hat Directory Server 9
