FIPS Activated by accident

Jackie Butler 236 Reputation points
2021-03-19T22:14:04.95+00:00

FIPS was turned on by a GPO by accident. I disabled it via the local policies and set up the GPO to disable FIPS. However, there are numerous problems now with some of my services on servers starting. Everything was fine until FIPS was enabled. For example, on the Exchange Server there are two error codes:

Event ID 2142, Process Microsoft.Exchange.Directory.TopologyService.exe (PID=3160) Forest domain.local. Topology discovery failed, error details Active Directory server is not available. Error message: Active directory response: The supplied credential is invalid.

The other is Event ID 4027 MSExchangeADAccess, Process MSExchangeHMWorker.exe (ExHMWorker) (PID=11212). WCF request (Get Servers for domain.local) to the Microsoft Exchange Active Directory Topology service on server (TopologyClientTcpEndpoint (localhost)) failed. Make sure that the service is running. In addition, make sure that the network ports that are used by Microsoft Exchange Active Directory Topology service are not blocked by a firewall. The WCF call was retried 3 time(s). Error Details Active Directory server is not available. Error message: Active directory response: The supplied credential is invalid. ----> Active Directory operation failed on . The supplied credential for 'NT AUTHORITY\SYSTEM' is invalid. ----> The supplied credential is invalid.
   at System.DirectoryServices.Protocols.LdapConnection.BindHelper(NetworkCredential newCredential, Boolean needSetCredential)
   at Microsoft.Exchange.Data.Directory.PooledLdapConnection.BindWithLogging()
   at Microsoft.Exchange.Data.Directory.PooledLdapConnection.BindWithRetry(Int32 maxRetries)
   -----------
   -----------
   at Microsoft.Exchange.Data.Directory.PooledLdapConnection.BindWithRetry(Int32 maxRetries)
   at Microsoft.Exchange.Data.Directory.LdapConnectionPool.CreateOneTimeConnection(NetworkCredential networkCredential, ADServerInfo serverInfo, LocatorFlags connectionFlags)
   at Microsoft.Exchange.Data.Directory.LdapTopologyProvider.GetDirectoryServer(String partitionFqdn, ADRole role)
   at Microsoft.Exchange.Data.Directory.LdapTopologyProvider.InternalGetServersForRole(String partitionFqdn, IList`1 currentlyUsedServers, ADServerRole role, Int32 serversRequested, Boolean forestWideAffinityRequested)
   at Microsoft.Exchange.Data.Directory.LdapTopologyProvider.GetConfigDCInfo(String partitionFqdn, Boolean throwOnFailure)
   at Microsoft.Exchange.Data.Directory.TopologyProvider.PopulateConfigNamingContexts(String partitionFqdn)
   at Microsoft.Exchange.Data.Directory.TopologyProvider.GetConfigurationNamingContext(String partitionFqdn)
   at Microsoft.Exchange.Data.Directory.ADDataSession.GetNamingContext(ADNamingContext adNamingContext)
   at Microsoft.Exchange.Directory.TopologyService.Data.TopologyDiscoverySession.FindDirectoryServers(String site, List`1 dsFqdns)
   at Microsoft.Exchange.Directory.TopologyService.LocalForestTopologyDiscovery.FindPrimaryDS()
   at Microsoft.Exchange.Directory.TopologyService.ADTopologyDiscovery.Discover()
   at Microsoft.Exchange.Directory.TopologyService.ADTopologyDiscovery.DoWork(CancellationToken cancellationToken)
   at Microsoft.Exchange.Directory.TopologyService.Common.WorkItem`1.Execute(CancellationToken joinedToken)
   at System.Threading.Tasks.Task.Execute()
   at Microsoft.Exchange.Directory.TopologyService.TopologyDiscoveryManager.EndGetTopology(IAsyncResult ar)
   at Microsoft.Exchange.Directory.TopologyService.TopologyService.InternalEndGetServersForRole(IAsyncResult result)
   at Microsoft.Exchange.Directory.TopologyService.TopologyService.<>c__DisplayClassa.<EndGetServersForRole>b__9()
   at Microsoft.Exchange.Directory.TopologyService.TopologyService.ExecuteServiceCall(Action action)

This is all because it can't see Active Directory; however, I can open Active Directory Users and Computers on the Exchange server and it works fine. Something else is blocking access to AD. It all started when FIPS got turned on, but it's disabled now. Please assist.

  1. Darren DeHaven 1 Reputation point
    2022-11-14T15:36:22.217+00:00

    We had this issue. I believe my coworker did the following:
    * moved each exchange node to an OU that blocks group policy
    * on each node ran:
    * RD /S /Q "%WinDir%\System32\GroupPolicyUsers" && RD /S /Q "%WinDir%\System32\GroupPolicy"
    * gpupdate /force
    * shutdown -r

    Then Exchange worked. The next step is to re-add the group policies in small groups, verifying each set doesn't break Exchange after gpupdate and reboot.

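The answer above wipes the local Group Policy cache and reboots, but neither the question nor the answer shows how to confirm that the host has actually stopped enforcing FIPS mode before re-adding policies. The following PowerShell function is an added example, not code from the original question, the answer, or Microsoft; it is read-only and reports the state a practitioner would want to compare before and after the RD / gpupdate / reboot steps. It assumes the well-known registry value HKLM\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\Enabled (which the "Use FIPS compliant algorithms" policy sets) and the Exchange service name MSExchangeADTopology; the function name and the 24-hour event window are my own choices.

```powershell
# Added example (not from the original post): read-only check of FIPS enforcement,
# the local GPO cache folders named in the answer, the Exchange AD Topology service,
# and recent MSExchange ADAccess events with the IDs quoted in the question.
function Get-FipsRemediationState {
    [CmdletBinding()]
    param()

    # Assumption: this is the registry value behind the FIPS security policy setting.
    $fipsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
    $fipsEnabled = $false
    if (Test-Path $fipsKey) {
        $value = (Get-ItemProperty -Path $fipsKey -Name 'Enabled' -ErrorAction SilentlyContinue).Enabled
        $fipsEnabled = ($value -eq 1)
    }

    # Local policy cache folders deleted by the answer's RD command. If they still
    # exist after the GPO was changed, the host may still be applying cached settings.
    $cacheDirs = @("$env:WinDir\System32\GroupPolicy", "$env:WinDir\System32\GroupPolicyUsers")
    $cachePresent = $cacheDirs | Where-Object { Test-Path $_ }

    # Assumption: service name of "Microsoft Exchange Active Directory Topology".
    $topology = Get-Service -Name 'MSExchangeADTopology' -ErrorAction SilentlyContinue

    # Event IDs 2142 and 4027 are the ones quoted in the question; provider name is
    # matched loosely because it is logged with a space ("MSExchange ADAccess").
    $recentErrors = Get-WinEvent -FilterHashtable @{
        LogName   = 'Application'
        Id        = 2142, 4027
        StartTime = (Get-Date).AddHours(-24)
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.ProviderName -like 'MSExchange*ADAccess' } |
        Select-Object TimeCreated, Id, ProviderName

    $lastError = $recentErrors | Sort-Object TimeCreated -Descending | Select-Object -First 1

    [PSCustomObject]@{
        ComputerName       = $env:COMPUTERNAME
        FipsEnforced       = $fipsEnabled
        PolicyCachePresent = @($cachePresent)
        TopologyService    = if ($topology) { $topology.Status.ToString() } else { 'NotInstalled' }
        AdAccessErrors24h  = @($recentErrors).Count
        LastAdAccessError  = if ($lastError) { $lastError.TimeCreated } else { $null }
    }
}

# Usage: run in an elevated PowerShell session on each Exchange node.
Get-FipsRemediationState | Format-List
```

A useful way to apply it: record the output before touching the node, again after `gpupdate /force` and the reboot, and then after each batch of policies is re-linked. FipsEnforced should stay False and AdAccessErrors24h should stop growing; if FipsEnforced flips back to True after a batch, that batch contains the policy that set it, which narrows the search without another round of trial and error.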