Are you sure this is the reason? Yes, it’s Microsoft AD, but we have never had this issue before with any other products.
In any case, I have tried using LDAPS using port 636 to our domain controller, but when pressing test settings, it fails.
I am a system administrator for most things in our organisation except the domain controllers, which I have no access to. We are a very big global company with high security thinking, so to me it sounds strange that nothing other than plain text would be supported by the domain controllers running Server 2016.
In fact, since the security scan failed on the Openfire server due to plain text passwords, I am not allowed to put it into production until it’s solved.
So we now know that disabling this feature also disabled the possibility for clients to log in.
We also know that trying LDAPS on port 636 fails.
I also know that NTLM is enabled in Openfire and NTLM works with other products we use in our organisation, but not for Openfire for some reason.