FIPS Activated by accident

Jackie Butler 236 Reputation points
2021-03-19T22:14:04.95+00:00

FIPS was turned on by a GPO by accident. I disabled it via the local policies and setup the GPO to disable FIPS. However, there are numerous problems now with some of my services on servers starting. Everything was fine until FIPs was enabled. For example on the Exchange Server there are two errors codes: Event ID 2142, Process Microsoft.Exchange.Directory.TopologyService.exe (PID=3160) Forest domain.local. Topology discovery failed, error details Active Directory server is not available. Error message: Active directory response: The supplied credential is invalid. The other is event ID 4027 MSExchangeADAccess, Process MSExchangeHMWorker.exe (ExHMWorker) (PID=11212). WCF request (Get Servers for domain.local) to the Microsoft Exchange Active Directory Topology service on server (TopologyClientTcpEndpoint (localhost)) failed. Make sure that the service is running. In addition, make sure that the network ports that are used by Microsoft Exchange Active Directory Topology service are not blocked by a firewall. The WCF call was retried 3 time(s). Error Details Active Directory server is not available. Error message: Active directory response: The supplied credential is invalid. ----> Active Directory operation failed on . The supplied credential for 'NT AUTHORITY\SYSTEM' is invalid. ----> The supplied credential is invalid. at System.DirectoryServices.Protocols.LdapConnection.BindHelper(NetworkCredential newCredential, Boolean needSetCredential) at Microsoft.Exchange.Data.Directory.PooledLdapConnection.BindWithLogging() at Microsoft.Exchange.Data.Directory.PooledLdapConnection.BindWithRetry(Int32 maxRetries) ----------- ----------- at Microsoft.Exchange.Data.Directory.PooledLdapConnection.BindWithRetry(Int32 maxRetries) at Microsoft.Exchange.Data.Directory.LdapConnectionPool.CreateOneTimeConnection(NetworkCredential networkCredential, ADServerInfo serverInfo, LocatorFlags connectionFlags) at Microsoft.Exchange.Data.Directory.LdapTopologyProvider.GetDirectoryServer(String partitionFqdn, ADRole role) at Microsoft.Exchange.Data.Directory.LdapTopologyProvider.InternalGetServersForRole(String partitionFqdn, IList1 currentlyUsedServers, ADServerRole role, Int32 serversRequested, Boolean forestWideAffinityRequested) at Microsoft.Exchange.Data.Directory.LdapTopologyProvider.GetConfigDCInfo(String partitionFqdn, Boolean throwOnFailure) at Microsoft.Exchange.Data.Directory.TopologyProvider.PopulateConfigNamingContexts(String partitionFqdn) at Microsoft.Exchange.Data.Directory.TopologyProvider.GetConfigurationNamingContext(String partitionFqdn) at Microsoft.Exchange.Data.Directory.ADDataSession.GetNamingContext(ADNamingContext adNamingContext) at Microsoft.Exchange.Directory.TopologyService.Data.TopologyDiscoverySession.FindDirectoryServers(String site, List1 dsFqdns) at Microsoft.Exchange.Directory.TopologyService.LocalForestTopologyDiscovery.FindPrimaryDS() at Microsoft.Exchange.Directory.TopologyService.ADTopologyDiscovery.Discover() at Microsoft.Exchange.Directory.TopologyService.ADTopologyDiscovery.DoWork(CancellationToken cancellationToken) at Microsoft.Exchange.Directory.TopologyService.Common.WorkItem`1.Execute(CancellationToken joinedToken) at System.Threading.Tasks.Task.Execute() at Microsoft.Exchange.Directory.TopologyService.TopologyDiscoveryManager.EndGetTopology(IAsyncResult ar) at Microsoft.Exchange.Directory.TopologyService.TopologyService.InternalEndGetServersForRole(IAsyncResult result) at Microsoft.Exchange.Directory.TopologyService.TopologyService.<>c__DisplayClassa.<EndGetServersForRole>b__9() at Microsoft.Exchange.Directory.TopologyService.TopologyService.ExecuteServiceCall(Action action) This is all because it can't see Active Directory, however, I can open Users and Computers active directory on the exchange server and it works fine. Something else is blocking access to AD. All started when FIPS got turned on. But its disabled now. Please assist.

Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
5,096 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,238 questions
Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,499 questions
{count} votes

1 additional answer

Sort by: Most helpful
  1. Darren DeHaven 1 Reputation point
    2022-11-14T15:36:22.217+00:00

    We had this issue. I believe my coworker did the following:
    * moved each exchange node to an OU that blocks group policy
    * on each node ran:
    * RD /S /Q "%WinDir%\System32\GroupPolicyUsers" && RD /S /Q "%WinDir%\System32\GroupPolicy"
    * gpupdate /force
    * shutdown -r

    Then exchange worked. The next step is to re-add the group policies in small groups, verifying each set doesn't breaking exchange after gpudate and reboot.

    0 comments No comments