Blog

Windows Platform FIPS error

Not sure what started it, but my Visual Studio projects stopped building with this error:

This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

Others could build the code fine so that made it “my problem”.   While banging my head on the wall, another application we use that’s really a web based app wrapped in a desktop app quite working. It would just give an unhandle exception error and say “System.InvalidOperationException” error.  On a whim, I decided to let it debug and that fired up Visual Studio 2010.  To my suprise, there was the same FIPS error.  Now I had a root cause for both my issues which let me to Raj Rao’s post.  It was an old post (2007) but it got me going.  Other MS KB’s were related to .Net 2.0 and ASP.net apps so I was at a lose so I gave it a shot.  Following Raj’s post, here’s what I did…

  1. I went to Administrative Tools, opened Local Security Policy
  2. Expand Local Policies
  3. Clicked Security Options
  4. There I found System cryptography: Use FIPS 140 compliant cryptographic algorithms, including encryption, hashing and signing algorithms was indeed set to Enabled.

I changed that setting to Disabled and everything started to work…didn’t even require a restart.  The default for that setting is Disabled so what enabled it I have no idea.  I didn’t need it so my researched ended there.  

Return TopTrackbackPrintPermalink

Comments

Got something to say? Join the discussion »
    Posted @ 11/10/2012 11:47 PM by Willie Stylez
    Willie Stylez's avatar

    Thanks so much for this write up! That cleared up a lot of unanswered questions for me. One other suggestion that worked for me, since disabling FIPS was not an option in our environment, was the following:

    The following modification is required:
    In the system.web section of the Web.Config, add the following {machineKey}:
    {machineKey decryption="3DES" /}
    Restart IIS

    PLEASE NOTE: replace the } with >, couldn't use the correct symble because the comment box caught it as HTML code.

    That made our web apps work on FIPS compliant servers.

    Posted @ 11/10/2012 11:43 PM by Willie Stylez
    Willie Stylez's avatar

    Thanks so much for this write up! That was cleared up a lot of things for me. One other suggestion that worked for me, since disabling FIPS was not an option in our environment, was the following:

    The following modification is required:
    In the system.web section of the Web.Config, add the following :

    Restart IIS

    That made our web apps work on FIPS compliant servers.

leave a reply

 [Quick Submit with Ctrl+Enter]

Remember my details
Notify me of followup comments via e-mail