locked
Enabling FIPS Compliancy on CRM Server RRS feed

  • Question

  • Hi

    We have just tried enabling FIPS compliancy on our CRM Application server and it has caused it to stop working.  Has anyone successfully enabled this? It would appear that the hashing alogorithm may be the cause of the problem from the error message detailed below

    Any help very much appreciated

    Event code: 3005
    Event message: An unhandled exception has occurred.
    Event time: 18/11/2010 15:22:17
    Event time (UTC): 18/11/2010 15:22:17
    Event ID: 94c3eb6629a94fc7a10f43bf0b0f92ac
    Event sequence: 3
    Event occurrence: 1
    Event detail code: 0
     
    Application information:
        Application domain: /LM/W3SVC/2/ROOT-1-129345673122897500
        Trust level: Full
        Application Virtual Path: /
        Application Path: D:\MicrosoftDynamicsCRM\CRMWeb\
        Machine name: DEVSERVER
     
    Process information:
        Process ID: 5076
        Process name: w3wp.exe
        Account name: NT AUTHORITY\NETWORK SERVICE
     
    Exception information:
        Exception type: TargetInvocationException
        Exception message: Exception has been thrown by the target of an invocation.
     
    Request information:
        Request URL: http://DEVSERVER:5555/default.aspx
        Request path: /default.aspx
        User host address: 192.168.99.55
        User: ########\##########
        Is authenticated: True
        Authentication Type: Negotiate
        Thread account name: NT AUTHORITY\NETWORK SERVICE
     
    Thread information:
        Thread ID: 3
        Thread account name: NT AUTHORITY\NETWORK SERVICE
        Is impersonating: False
        Stack trace:    at System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
       at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
       at System.Security.Cryptography.CryptoConfig.CreateFromName(String name, Object[] args)
       at Microsoft.Crm.CrmKeyService.ComputeHash(CrmKey key, Guid scaleGroupId, HashParameterBase[] parameters)
       at Microsoft.Crm.CrmKeyService.ComputeHash(CrmKey key, HashParameterBase[] parameters)
       at Microsoft.Crm.Application.Security.WRPCContext..ctor()
       at Microsoft.Crm.Application.Controls.AppPage.ValidateWrpcContext()
       at Microsoft.Crm.Application.Controls.AppPage.OnInit(EventArgs e)
       at System.Web.UI.Control.InitRecursive(Control namingContainer)
       at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
     
     
    Custom event details:

    Thursday, November 18, 2010 3:58 PM

Answers

  • I'm working for the same organisation as old fandango and have received an answer from Microsoft which is obvious when you know the answer.

    Download the Microsoft Dynamics CRM Deployment Configuration tool for Microsoft Dynamics CRM 4.0 from http://support.microsoft.com/kb/949079 there are two versions 32bit and 64 bit.

    I ran the following three commands to change the encryption keys to SHA1.

    microsoft.crm.deploymentconfigtool.exe keysettings update –keytype:CrmTicketKey –algorithm:HMACSHA1

    microsoft.crm.deploymentconfigtool.exe keysettings update –keytype:CrmWRPCTokenKey –algorithm:HMACSHA1

    microsoft.crm.deploymentconfigtool.exe keysettings update –keytype:CrmEmailsCredentialsKey –algorithm:HMACSHA1

    and used the following SQL to check before and after:

    USE MSCRM_CONFIG

    GO

    SELECT

          KS.KeyType,

          KSP.Id,

          KSP.ColumnName,

          KSP.IntColumn,

          KSP.DateTimeColumn,

          KSP.NVarCharColumn,

          KSP.Encrypted

    FROM CrmKeySettingProperties KSP

          JOIN CrmKeySetting KS

                ON KSP.Id = KS.Id

    WHERE KSP.ColumnName = 'Algorithm'

     

    • Marked as answer by Matt 205 GTi Friday, December 3, 2010 3:42 PM
    Friday, December 3, 2010 3:40 PM