In one case we observed that with the very first automatic change of the Windows clients’ machine account password after the functioning levels were updated, the clients temporarily lost the ability to authenticate against the Domain controllers. All that needed to be done was to reboot the Windows clients and everything was fine again. Subsequent machine account password changes are fine, too.
By default, Windows clients change their machine account password every 30 days. That means they don’t do it all at the same time and even if the change is due, it is done only after the Windows client is running for a couple of minutes. So you might see “random” login / authentication problems, for example after people locked their screens and want to re-login again or something similar.
Bottom line: If you see authentication problems some days or few weeks after raising the functioning levels, reboot your Windows 
There are also ways to force the machine account password change so you can handle all Windows clients in a short maintenance window.
Best regards,
Michael Grandjean