Event ID 2887 On Domain Controller -> Thoughts on regedit on DC

A Domain Controller (08 R2 Server) Logs Warning Event 2887 every 24 hours.

Further research at http://technet.microsoft.com/en-us/library/dd941856(v=ws.10).aspx led us to identify this as an LDAP signing error.

Error Message:

During the previous 24 hour period, some clients attempted to perform LDAP binds that were either: (1) A SASL (Negotiate, Kerberos, NTLM, or Digest) LDAP bind that did not request signing (integrity validation), or (2) A LDAP simple bind that was performed on a cleartext (non-SSL/TLS-encrypted) connection This directory server is not currently configured to reject such binds. The security of this directory server can be significantly enhanced by configuring the server to reject such binds. For more details and information on how to make this configuration change to the server, please see http://go.microsoft.com/fwlink/?LinkID=87923. Summary information on the number of these binds received within the past 24 hours is below. You can enable additional logging to log an event each time a client makes such a bind, including information on which client made the bind. To do so, please raise the setting for the "LDAP Interface Events" event logging category to level 2 or higher. Number of simple binds performed without SSL/TLS: "Value" Number of Negotiate/Kerberos/NTLM/Digest binds performed without signing: "Value"

The suggested path to resolve this error is to modify the registry of the DC to allow it to log those failures.

Registry to add:

Reg Add HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics /v "16 LDAP Interface Events" /t REG_DWORD /d 2

Does anyone have any thoughts on editing the registry of a domain controller, any history with this issue, or any other good thoughts to share?

Thanks

Adam
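An added PowerShell example (not from Adam's post): it writes the same diagnostics value the Reg Add command above does, then summarises the per-client Event ID 2889 entries that level 2 produces, so the noisy clients can be fixed before the DC is configured to reject unsigned binds. The 2889 property order (client, identity, binding type) and the LDAPServerIntegrity value name are assumptions taken from general documentation, not from the post.

```powershell
# Added example, not part of the original post. Run elevated on the DC.
# Assumption: Event 2889 properties are [0]=client IP:port, [1]=identity,
# [2]=binding type (0 = simple bind without TLS, 1 = SASL bind without signing).

$diagKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics'
$valueName = '16 LDAP Interface Events'

function Enable-LdapBindLogging {
    # Same setting the post's Reg Add command writes (level 2 logs one 2889 per bind).
    Set-ItemProperty -Path $diagKey -Name $valueName -Value 2 -Type DWord
}

function Disable-LdapBindLogging {
    # Level 2 is chatty on a busy DC; return to the default once the inventory is done.
    Set-ItemProperty -Path $diagKey -Name $valueName -Value 0 -Type DWord
}

function Get-UnsignedLdapBindSummary {
    param([int]$Days = 1)
    $filter = @{
        LogName   = 'Directory Service'
        Id        = 2889
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            $p = $_.Properties
            [pscustomobject]@{
                Client   = $p[0].Value -replace ':\d+$', ''   # drop the source port
                Identity = $p[1].Value
                BindType = if ("$($p[2].Value)" -eq '0') { 'SimpleBindNoTLS' } else { 'SaslNoSigning' }
            }
        } |
        Group-Object Client, Identity, BindType |
        Sort-Object Count -Descending |
        Select-Object Count,
            @{n = 'Client';   e = { $_.Group[0].Client } },
            @{n = 'Identity'; e = { $_.Group[0].Identity } },
            @{n = 'BindType'; e = { $_.Group[0].BindType } }
}

# Typical use: enable, let a full 24-hour cycle pass, then summarise.
Enable-LdapBindLogging
# ... after the collection window:
Get-UnsignedLdapBindSummary -Days 1 | Format-Table -AutoSize
# Only once the list is empty (or every entry is accounted for) is it safe to
# require signing, e.g. LDAPServerIntegrity = 2 under ...\Services\NTDS\Parameters.
```

Each 2889 row identifies the client address and the account it bound as, which is what you need to chase down the application or service still doing simple or unsigned binds.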
