February 14, 2020

IMM eSignPlus Product Alert

IMM has learned that Microsoft plans to potentially roll out a patch on or around March 10, 2020, which could significantly alter the way LDAP requests function on your Windows server(s). Please see this Microsoft article for more information regarding this patch: ADV190023.

 

The pending change, as described, could cause LDAP queries to fail and adversely impact your IMM eSign Plus operation. If Microsoft deploys the patch and you experience issues with IMM eSign Plus operations, you may roll back the patch's settings by modifying the registry keys below on your domain controllers.

 

Note: Please back up your registry before making any changes, as a safeguard.

 

What does my Registry setting look like before this patch?

| Setting | Value |
|---|---|
| Registry Key - LDAPServerIntegrity | 1 |
| Registry Key - LDAPEnforceChannelBinding | Key does not exist |

Microsoft may change the settings as shown below. Please confirm your registry settings before making any changes. If the registry settings below exist after the Microsoft patch, please revert them as per the instructions provided below.

| Setting | Value |
|---|---|
| Registry Key - LDAPServerIntegrity | 2 |
| Registry Key - LDAPEnforceChannelBinding | 1 |

HOW TO REVERT YOUR SETTINGS IF ESIGN PLUS OPERATIONS ARE ADVERSELY IMPACTED BY THE PATCH:

Go to the following registry paths, verify the values and, if required, revert to your original registry settings.
  • Path for Active Directory Domain Services (AD DS) domain controllers: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters
  • Path for Active Directory Lightweight Directory Services (AD LDS) servers: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<LDS instance name>\Parameters

| Setting | Value |
|---|---|
| Registry Key - LDAPServerIntegrity | 1 |
| Registry Key - LDAPEnforceChannelBinding | 1 |

NOTE: Making these changes rolls back the LDAP security settings. Please call IMM to upgrade your eSign Plus application software to the current level, which supports the Microsoft-recommended settings for LDAP or LDAPS (SSL encryption).
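The check, backup and revert steps above as a PowerShell script, added here as an example and not supplied by IMM or Microsoft. It defaults to the AD DS path from this notice; the parameter names, the backup file location and the state labels are assumptions of the example.

```powershell
#Requires -RunAsAdministrator
[CmdletBinding(SupportsShouldProcess)]
param(
    # AD DS path from the notice; pass the AD LDS instance path instead if needed.
    [string]$KeyPath    = 'HKLM:\System\CurrentControlSet\Services\NTDS\Parameters',
    [string]$BackupFile = (Join-Path $env:TEMP 'ldap-parameters-backup.reg'),  # assumed location
    [switch]$Revert
)

# Read both values; GetValue() returns $null when the value does not exist.
$key       = Get-Item -Path $KeyPath -ErrorAction Stop
$integrity = $key.GetValue('LDAPServerIntegrity')
$binding   = $key.GetValue('LDAPEnforceChannelBinding')

# Map the pair onto the three states tabulated in the notice (labels are this example's own).
$state = switch ("$integrity/$binding") {
    '1/'    { 'pre-patch' }
    '2/1'   { 'post-patch' }
    '1/1'   { 'reverted' }
    default { 'other' }
}

[pscustomobject]@{
    LDAPServerIntegrity       = if ($null -eq $integrity) { 'not set' } else { $integrity }
    LDAPEnforceChannelBinding = if ($null -eq $binding)   { 'not set' } else { $binding }
    State                     = $state
}

# Only touch the registry when asked to, and only from the post-patch state.
if ($Revert -and $state -eq 'post-patch') {
    # Back up the key first, as the notice instructs.
    $nativePath = $KeyPath -replace '^HKLM:\\', 'HKLM\'
    & reg.exe export $nativePath $BackupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Registry backup to $BackupFile failed; nothing changed." }

    # Values from the notice's revert table. This rolls back the LDAP hardening.
    $target = [ordered]@{ LDAPServerIntegrity = 1; LDAPEnforceChannelBinding = 1 }
    foreach ($name in $target.Keys) {
        if ($PSCmdlet.ShouldProcess("$KeyPath\$name", "Set to $($target[$name])")) {
            Set-ItemProperty -Path $KeyPath -Name $name -Value $target[$name] -Type DWord
        }
    }
}
```

Run it without -Revert to audit only; add -WhatIf alongside -Revert to preview the writes.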

| Product Version | Impacted | Resolution |
|---|---|---|
| eSignPlus 2017.1.1 or lower | Yes | Option 1. Revert Registry (recommended) |
| | | Option 2. Upgrade eSign Plus software and make settings changes with IMM support guidance. Please contact IMM support for further information. |
| eSignPlus 2017.1 SP2 | Yes | Option 1. Revert Registry |
| | | Option 2. Change eSign settings with IMM support guidance. Please contact IMM support for further information. |
| eSignPlus 2018.1.1 | Yes | Option 1. Revert Registry |
| | | Option 2. Change eSign settings with IMM support guidance. Please contact IMM support for further information. |
| 2019.x | Yes | Option 1. Revert Registry |
| | | Option 2. Change eSign settings with IMM support guidance. Please contact IMM support for further information. |

Immediate Action Required

We request that you please check your production version(s) of IMM eSign Plus and report information back to our Support group using the link below.

If it is determined that your eSign Plus software requires attention, we will place you in our deployment queue and a project manager will contact you to schedule an upgrade or option/settings change.

The upgrades must be completed in your production environment by March 10, 2020. If you do not take action prior to this date, the operation of your IMM eSign Plus system could be negatively impacted.

If you have any questions regarding this notice or its contents, please contact IMM Support at 800.836.4750 Option 3 or [email protected].