Environment
Novell ZENworks Configuration Management 11.x Bundles
Novell ZENworks Patch Management 11.x
Microsoft Windows Server 2008
Microsoft Windows 7
Novell ZENworks Patch Management 11.x
Microsoft Windows Server 2008
Microsoft Windows 7
Situation
FIPS is disabled on the failing workstation
The following registry key is set indicating that FIPS is really disabled:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy]
"Enabled"=dword:00000000
Messages similar to the following could be seen in the zmd-messages.log:
[ZenworksWindowsService] [27] [] [PolicyManager] [ActionMan.ActionException] [The action {0} threw an exception. Message: {1}. Exception: {2} (grouppolicy, This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.)] [] []
[ContentManager] [] [Exception computing checksum for file C:\Program Files\Novell\ZENworks\cache\zmd\ZenCache\c60ad5c5-d9e0-48aa-b5c1-449a7546e461\01DE269D-DC3D-4B7A-9F51-D0642EECC266.plp
Type: System.InvalidOperationException
Message: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
Custom Exception Data:
path ==> C:\Program Files\Novell\ZENworks\cache\zmd\ZenCache\c60ad5c5-d9e0-48aa-b5c1-449a7546e461\01DE269D-DC3D-4B7A-9F51-D0642EECC266.plp
Stack Trace:
at System.Security.Cryptography.SHA256Managed..ctor()
at Novell.Zenworks.Content.ZenContentUtils.ComputeChecksum(String path)
] [] []
[BundleManager] [ActionMan.FailureProcessingActionException] [Failed to process action: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.]
[Bundle] [Bundle.ItemCreationError] [Error creating item to represent bundle: 8881011cd314f6621ec20297a203acad Exception: Object reference not set to an instance of an object. Stack: at Novell.Zenworks.AppModule.AppLocalState.GetDeviceInstallVersion()
at Novell.Zenworks.AppModule.AppActionItem.IsAppInstalled()
The following registry key is set indicating that FIPS is really disabled:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy]
"Enabled"=dword:00000000
Messages similar to the following could be seen in the zmd-messages.log:
[ZenworksWindowsService] [27] [] [PolicyManager] [ActionMan.ActionException] [The action {0} threw an exception. Message: {1}. Exception: {2} (grouppolicy, This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.)] [] []
[ContentManager] [] [Exception computing checksum for file C:\Program Files\Novell\ZENworks\cache\zmd\ZenCache\c60ad5c5-d9e0-48aa-b5c1-449a7546e461\01DE269D-DC3D-4B7A-9F51-D0642EECC266.plp
Type: System.InvalidOperationException
Message: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
Custom Exception Data:
path ==> C:\Program Files\Novell\ZENworks\cache\zmd\ZenCache\c60ad5c5-d9e0-48aa-b5c1-449a7546e461\01DE269D-DC3D-4B7A-9F51-D0642EECC266.plp
Stack Trace:
at System.Security.Cryptography.SHA256Managed..ctor()
at Novell.Zenworks.Content.ZenContentUtils.ComputeChecksum(String path)
] [] []
[BundleManager] [ActionMan.FailureProcessingActionException] [Failed to process action: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.]
[Bundle] [Bundle.ItemCreationError] [Error creating item to represent bundle: 8881011cd314f6621ec20297a203acad Exception: Object reference not set to an instance of an object. Stack: at Novell.Zenworks.AppModule.AppLocalState.GetDeviceInstallVersion()
at Novell.Zenworks.AppModule.AppActionItem.IsAppInstalled()
Resolution
Delete the following registry key from the workstation:
NOTE: This is very similar, but not the same as the registry key mentioned in the Situation.
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"fipsalgorithmpolicy"=dword:00000001
NOTE: This is very similar, but not the same as the registry key mentioned in the Situation.
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"fipsalgorithmpolicy"=dword:00000001
Cause
This issue can be caused by disabling FIPS via the registry instead
of through the policy editor.
Additional Information
The bad registry setting is what would be there on Microsoft
Windows XP or Windows Server 2003.
More information about this error can be found at:
http://stackoverflow.com/questions/12502281/this-implementation-is-not-part-of-the-windows-platform-fips-validated-cryptogra
More information about this error can be found at:
http://stackoverflow.com/questions/12502281/this-implementation-is-not-part-of-the-windows-platform-fips-validated-cryptogra