In March 2020 Microsoft plans to release a security update on Windows Update that by default enables LDAP channel binding and LDAP signing hardening changes for Active Directory.Details and technical background of these changes are described in the Microsoft articles linked in the related information section of this KBA.
When the security settings are enabled and the pre-conditions are not met, especially if SafeGuard Server and computers running the SafeGuard Management Center are not updated with the required Microsoft Security Updates (see CVE-2017-8563), the SSL directory authentication does not work any longer.
For SafeGuard this means that,
Example error messages:
Ensure that all involved computers are patched with the relevant Microsoft security update for CVE-2017-8563.
Alternatively you can:
Sign up to the Sophos Support SMS Notification Service to get the latest product release information and critical issues.
Note: Information above taken from KBA 135029