Domain Requires Strong Authentication

When running the Test Settings function within Foldr Settings, authentication may fail with the following error:

“Your domain requires strong authentication, consider using LDAPS.”


This is due to LDAP Signing being required on the Windows Domain Controller (DC) and as a result it rejects the LDAP Simple Bind being sent by Foldr.  There are two solutions to this issue:

  1.  Disable the LDAP Signing requirement on the DC
  2.  Enable LDAPS on the DC to allow Foldr to connect using LDAP over SSL

To disable LDAP Signing:

  1. On the Domain Controller – Click Start > Run > gpedit.msc
  2. In the Group Policy Object Editor, select the relevant GPO (usually Default Domain Controllers Policy) >> Right Click >> Edit and navigate to the following section:
    Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options 
  3. Select the following entries:
  • Domain Controller: LDAP Server signing requirements.
  • Network security: LDAP Client signing requirements
  1. Set the above as follows:
  • Domain controller: LDAP server signing requirements = None (This is the default value)
  • Network security: LDAP client signing requirements = Negotiate  (This is the default value)


The recommended action in this scenario would be to leave the settings as-is and enable LDAPS on the Domain Controller to allow Foldr to securely authenticate using port 636.  Click here for more information


Need more help?

Get in touch and we'll be happy to assist you, [email protected]

© Minnow IT. Registered in England and Wales with company number 07970411.

Made with in Bristol, UK