February 14, 2020
IMM eSignPlus Product Alert
IMM has learned that Microsoft has plans to potentially roll out a patch on or around March 10, 2020 which could significantly alter the way that LDAP requests functions on your Windows server(s). Please see this Microsoft article for more information regarding this patch. ADV190023
The pending change, as described, could cause LDAP queries to fail and adversely impact your IMM eSign Plus operation. In the event that the patch is deployed by Microsoft and you are experiencing issues with IMM eSign plus operations, you may roll back the patch by modifying the keys below on your domain controllers.
Note: Please ensure you backup your registry before making any changes for obvious safeguard reasons.
What does my Registry setting look like before this patch?
| Setting | Value |
|---|---|
| Registry Key - LDAPServerIntegrity | 1 |
| Registry Key - LDAPEnforceChannelBinding | Key Does not exist |
Microsoft may change settings as portrayed below. Please confirm your registry settings before making any changes. If below registry settings exist after the MS patch, please revert as per the instructions provided below.
| Setting | Value |
|---|---|
| Registry Key - LDAPServerIntegrity | 2 |
| Registry Key - LDAPEnforceChannelBinding | 1 |
HOW TO REVERT YOUR SETTINGS IF ESIGN PLUS OPERATIONS ARE ADVERSELY IMPACTED BY THE PATCH:
- Path for Active Directory Domain Services (AD DS) domain controllers:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters
- Path for Active Directory Lightweight Directory Services (AD LDS) servers:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<LDS instance name>\Parameters
| Setting | Value |
|---|---|
| Registry Key - LDAPServerIntegrity | 1 |
| Registry Key - LDAPEnforceChannelBinding | 1 |
NOTE: Making these changes reverts the security for LDAP settings. Please call IMM to upgrade your eSign Plus application software to the current level that does support the MS recommended settings for LDAP or LDAPS (SSL encryption).
| Product Version | Impacted | Resolution |
|---|---|---|
| eSignPlus 2017.1.1 or lower | Yes | Option 1. Revert Registry (recommended) Option 2. Upgrade eSign plus software and make settings changes with IMM support guidance. Please contact IMM support for further information. |
| eSignPlus 2017.1 SP2 | Yes | Option 1. Revert Registry Option 2. Change eSign settings with IMM support guidance. Please contact IMM support for further information. |
| eSignPlus 2018.1.1 | Yes | Option 1. Revert Registry Option 2. Change eSign settings with IMM support guidance. Please contact IMM support for further information. |
| 2019.x | Yes | Option 1. Revert Registry Option 2. . Change eSign settings with IMM support guidance. Please contact IMM support for further information. |
Immediate Action Required
We request that you please check your production version(s) of IMM eSign Plus and report information back to our Support group using the link below.
If it is determined that your eSign plus software requires attention, we will place you in our deployment queue and a project manager will contact you to schedule an upgrade or option/settings change.
The upgrades must be completed in your production environment by March 10, 2020. If you do not take action prior to this date, the operation of your IMM eSign plus system could be negatively impacted.
If you have any questions regarding this notice or its contents, please contact IMM Support at 800.836.4750 Option 3 or [email protected].