MS14-066 Windows Server (2008, 2008R2, 2012, 2012R2) security update breaks winsync replication agreement for IPA and Directory server
Issue
Red Hat IPA or Red Hat Directory Server cannot create a new winsync agreement after updating the Windows server.
Red Hat IPA or Red Hat Directory Server can no longer synchronize entries over an existing winsync agreement after updating the Windows server.
The MS14-066 security update for Windows Server systems (2008, 2008R2, 2012, 2012R2) enforces the use of TLS 1.1+ on all incoming connections. As a result, IPA cannot establish a winsync replication agreement with the Active Directory LDAP service.
Environment
Red Hat Enterprise Linux 6 and IPA v3
Red Hat Enterprise Linux 7 and IPA v4
Red Hat Directory Server 8
Red Hat Directory Server 9