Disabling the FIPS Algorithm Check

  • Question


  • When I configured SharePoint it did not work initially. While troubleshooting I discovered that the issue is with FIPS. After following instructions in the following KB http://support.microsoft.com/kb/911722 SharePoint started working.

     

    But now when I am trying to invoke any OOB workflows it still comes up with the following error

     

    This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
       at System.Security.Cryptography.MD5CryptoServiceProvider..ctor()
       at Microsoft.Office.InfoPath.Server.Util.UrlManager.<>c__DisplayClass4.<GetFileHash>b__3()
       at Microsoft.Office.Server.Security.SecurityContext.RunAsProcess(CodeToRunElevated secureCode)
       at Microsoft.Office.InfoPath.Server.Util.UrlManager.GetFileHash(String physicalFilePath)
       at Microsoft.Office.InfoPath.Server.Util.UrlManager.ConstructServerFilePaths(XmlDocument fileNameMap)
       at Microsoft.Office.InfoPath.Server.Util.UrlManager..cctor()

     

    After further reading I tried to disable the FIPS algorithm check with <enforceFIPSPolicy enabled="false"/> within the <runtime> section of my portal web application's web.config. Got this from the following blog post: http://blogs.msdn.com/shawnfa/archive/2008/03/14/disabling-the-fips-algorithm-check.aspx

     

    Even the above fix did not work; I tried to change the value to “0” per some other blog post. I also tried to put this in machine.config and web.config in the layouts folder under 12 hive.

     

    FIPS policy is enforced in the domain using the GPO, and the registry tweak is only a temporary solution until a GPO refresh, which sets the registry back to enforce FIPS. The policy setting can be found under “Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options” by the name of “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing”. If it is enabled, then Windows/ASP.NET will enforce checks to make sure that it is using FIPS validated algorithms.

     

    Is there any other way I can disable the algorithm check within the .NET Framework configuration?

     

    By looking at the call stack, InfoPath Forms Services (IFS) is calling "MD5CryptoServiceProvider".

     

    In spite of explicitly using the user-defined encryption/decryption algorithm "3DES" in web.config, IFS still uses the "MD5CryptoServiceProvider", which is not a FIPS validated algorithm.

     

    So I am looking for some way to instruct InfoPath Forms Services (IFS) not to use this "MD5CryptoServiceProvider" class and instead use any other class which uses the FIPS approved encryption/decryption algorithms.


    Sameer Dhoot
    My Blog : http://sharemypoint.in/ | http://Intellects.in/
    • Moved by Daisy Cao MSFT Tuesday, January 19, 2010 2:38 AM v (From:Office Sharepoint)
    Monday, January 18, 2010 7:31 PM
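
A read-only way to confirm the behaviour described in the question, as an added example that is not part of the original thread: it reads the registry value behind the policy setting and reports which .NET hash and cipher classes can be constructed on the machine. The registry locations, function names and the list of classes probed are assumptions added here, not values from the post.

```powershell
# Added diagnostic example; not from the thread. Read-only: changes no settings.

# 1. State of "System cryptography: Use FIPS compliant algorithms..." in the registry.
function Get-FipsPolicyState {
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    # Windows Vista / Server 2008 and later: subkey with an "Enabled" DWORD.
    $new = Get-ItemProperty -Path "$lsa\FipsAlgorithmPolicy" -Name Enabled -ErrorAction SilentlyContinue
    if ($new) { return [bool]$new.Enabled }
    # Windows XP / Server 2003: DWORD value stored directly under the Lsa key.
    $old = Get-ItemProperty -Path $lsa -Name FipsAlgorithmPolicy -ErrorAction SilentlyContinue
    if ($old) { return [bool]$old.FipsAlgorithmPolicy }
    return $false
}

# 2. Try to construct each class. With the policy enforced, implementations that
#    are not FIPS validated throw from their constructor, as in the stack trace.
function Test-CryptoType {
    param([string[]]$TypeName)
    foreach ($name in $TypeName) {
        $row = New-Object PSObject -Property @{ Type = $name; Usable = $true; Reason = '' }
        try {
            $alg = New-Object -TypeName $name -ErrorAction Stop
            $alg.Clear()   # release the underlying provider handle
        } catch {
            $row.Usable = $false
            $row.Reason = $_.Exception.GetBaseException().Message
        }
        $row
    }
}

# SHA256CryptoServiceProvider and AesCryptoServiceProvider live in System.Core (.NET 3.5+).
Add-Type -AssemblyName System.Core

"FIPS policy enabled in registry: $(Get-FipsPolicyState)"
$ns = 'System.Security.Cryptography'
Test-CryptoType "$ns.MD5CryptoServiceProvider",
                "$ns.SHA1CryptoServiceProvider",
                "$ns.SHA256Managed",
                "$ns.SHA256CryptoServiceProvider",
                "$ns.TripleDESCryptoServiceProvider",
                "$ns.RijndaelManaged",
                "$ns.AesCryptoServiceProvider" |
    Format-Table Type, Usable, Reason -AutoSize
```

The result reflects the policy as seen by the PowerShell process on that machine; running it again after a GPO refresh shows whether the registry value has been set back.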

All replies

  • Hi Sameer,

     

    Thank you for posting in our Partner Online Technical Community.

     

    This is a quick note to let you know that we are performing research on this issue and will get back to you as soon as possible. I appreciate your patience.


    Best regards,

    Inn Jin
    Partner Online Technical Community
    This posting is provided "AS IS" with no warranties, and confers no rights.
    Monday, January 18, 2010 11:10 PM