question

JackieButler-5216 asked ·

FIPS Activated by accident

FIPS was turned on by a GPO by accident. I disabled it via the local policies and set up the GPO to disable FIPS. However, there are numerous problems now with some of my services on servers starting. Everything was fine until FIPS was enabled. For example, on the Exchange Server there are two error codes:

Event ID 2142, Process Microsoft.Exchange.Directory.TopologyService.exe (PID=3160) Forest domain.local. Topology discovery failed, error details Active Directory server is not available. Error message: Active directory response: The supplied credential is invalid.

The other is event ID 4027 MSExchangeADAccess, Process MSExchangeHMWorker.exe (ExHMWorker) (PID=11212). WCF request (Get Servers for domain.local) to the Microsoft Exchange Active Directory Topology service on server (TopologyClientTcpEndpoint (localhost)) failed. Make sure that the service is running. In addition, make sure that the network ports that are used by Microsoft Exchange Active Directory Topology service are not blocked by a firewall. The WCF call was retried 3 time(s). Error Details Active Directory server is not available. Error message: Active directory response: The supplied credential is invalid. ----> Active Directory operation failed on . The supplied credential for 'NT AUTHORITY\SYSTEM' is invalid. ----> The supplied credential is invalid.

   at System.DirectoryServices.Protocols.LdapConnection.BindHelper(NetworkCredential newCredential, Boolean needSetCredential)
   at Microsoft.Exchange.Data.Directory.PooledLdapConnection.BindWithLogging()
   at Microsoft.Exchange.Data.Directory.PooledLdapConnection.BindWithRetry(Int32 maxRetries)
   ----------- -----------
   at Microsoft.Exchange.Data.Directory.PooledLdapConnection.BindWithRetry(Int32 maxRetries)
   at Microsoft.Exchange.Data.Directory.LdapConnectionPool.CreateOneTimeConnection(NetworkCredential networkCredential, ADServerInfo serverInfo, LocatorFlags connectionFlags)
   at Microsoft.Exchange.Data.Directory.LdapTopologyProvider.GetDirectoryServer(String partitionFqdn, ADRole role)
   at Microsoft.Exchange.Data.Directory.LdapTopologyProvider.InternalGetServersForRole(String partitionFqdn, IList`1 currentlyUsedServers, ADServerRole role, Int32 serversRequested, Boolean forestWideAffinityRequested)
   at Microsoft.Exchange.Data.Directory.LdapTopologyProvider.GetConfigDCInfo(String partitionFqdn, Boolean throwOnFailure)
   at Microsoft.Exchange.Data.Directory.TopologyProvider.PopulateConfigNamingContexts(String partitionFqdn)
   at Microsoft.Exchange.Data.Directory.TopologyProvider.GetConfigurationNamingContext(String partitionFqdn)
   at Microsoft.Exchange.Data.Directory.ADDataSession.GetNamingContext(ADNamingContext adNamingContext)
   at Microsoft.Exchange.Directory.TopologyService.Data.TopologyDiscoverySession.FindDirectoryServers(String site, List`1 dsFqdns)
   at Microsoft.Exchange.Directory.TopologyService.LocalForestTopologyDiscovery.FindPrimaryDS()
   at Microsoft.Exchange.Directory.TopologyService.ADTopologyDiscovery.Discover()
   at Microsoft.Exchange.Directory.TopologyService.ADTopologyDiscovery.DoWork(CancellationToken cancellationToken)
   at Microsoft.Exchange.Directory.TopologyService.Common.WorkItem`1.Execute(CancellationToken joinedToken)
   at System.Threading.Tasks.Task.Execute()
   at Microsoft.Exchange.Directory.TopologyService.TopologyDiscoveryManager.EndGetTopology(IAsyncResult ar)
   at Microsoft.Exchange.Directory.TopologyService.TopologyService.InternalEndGetServersForRole(IAsyncResult result)
   at Microsoft.Exchange.Directory.TopologyService.TopologyService.<>c_DisplayClassa.<EndGetServersForRole>b_9()
   at Microsoft.Exchange.Directory.TopologyService.TopologyService.ExecuteServiceCall(Action action)

This is all because it can't see Active Directory; however, I can open Users and Computers Active Directory on the Exchange server and it works fine. Something else is blocking access to AD. All started when FIPS got turned on. But it's disabled now. Please assist.

office-exchange-server-administration, windows-active-directory, windows-group-policy

Hi, @JackieButler-5216

Can all the services be started successfully?
And do you currently have trouble with client access or modifying Exchange objects?


1 Answer

JackieButler-5216 answered ·

I did a restore to the server prior to this error over the weekend and it seems to be working now. Thanks everyone.
