Problem
When you launch the Gateway UI or start the service, you may get the error below (check the Windows Event Log for the service error).
Gateway UI Error
This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
Service Error in the event log
Service cannot be started. System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
at System.Security.Cryptography.AesManaged..ctor()
--- End of inner exception stack trace ---
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck)
at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark)
at System.Activator.CreateInstance[T]()
at TdsServers.CryptoUtils.Decrypt[T](String value, String password)
at TdsServers.GwDataSource.DecodeText(String s, String pwd)
at TdsServers.Utils.StartTdsServer(TextWriter log, Nullable`1 isMarsEnabled, GwSettings cfg)
at ZsTdsService.TdsService.OnStart(String[] args)
at System.ServiceProces...
Possible reason
Your organization has enforced a policy that enables FIPS compliance, which disallows specific encryption algorithms. You can confirm this by checking the following registry key.
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
Enabled=1 means the FIPS compliance check is turned on.
Enabled=0 or a missing key means the FIPS compliance check is turned off or not configured.
Solution
Method #1 - Download the latest version 1.8.3 or higher
In the new version, we do not use non-FIPS-compliant algorithms for encryption. So we highly recommend you uninstall the old version and install the new one if you get the above error related to FIPS.
- After installing the new version, you have to disable FIPS once using Method #3 (or you can use Method #2).
- Once FIPS is disabled, launch the Gateway UI and click Export Settings.
- When prompted to use the new format, click Yes.
- Now click Import Settings. Choose the file we just exported with V3 format.
- Now you can restart the gateway.
- Enable FIPS by reverting the changes you made to disable FIPS in step #1.
- Now import that same file by clicking Import Settings.
- After the import is done, click Save and, when prompted, restart the service to apply the settings.
Method #2 - Disable FIPS for Gateway only
- Go to the following folder
C:\Program Files (x86)\ZappySys\ZappySys ODBC PowerPack\ZappySys.TdsServer.WindowsService
- Create 2 new files (names as below): open Notepad > paste the content below > click Save > when prompted, enter the file name in double quotes, e.g., "ZsTdsService.exe.config". Adding double quotes ensures you do not get the *.txt extension at the end.
Ensure the file extension is ".config" (check the Type column).
ZsTdsService.exe.config
ZappySysDataGatewayConfig.exe.config
- Open both files one by one in any text editor (e.g., Notepad) and make sure the following text is there (edit and save if it is not). Now you can open the Gateway UI and restart the service. Both should work.
<configuration>
  <runtime>
    <enforceFIPSPolicy enabled="false" />
  </runtime>
</configuration>
Method #3 - Disable FIPS for all applications on the OS
Another approach is to disable FIPS for all apps. Try Method #1 first before turning off FIPS globally (at the OS level).
To turn off FIPS for all apps, perform the following steps:
- Type regedit in the Start menu and open it.
- Go to the following key and set Enabled=0 to disable FIPS.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
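After finishing Method #1 (or when reviewing a host), it helps to see in one place whether the OS policy is back on and whether a Method #2 override file is still present. The PowerShell below is an added example, not ZappySys code; the registry key, folder and file names are the ones given in this article, and the function name Get-GatewayFipsState is hypothetical.

```powershell
# Added example (not ZappySys code): report the FIPS settings this article touches.
# Registry key, folder and file names come from this page;
# the function name Get-GatewayFipsState is hypothetical.
function Get-GatewayFipsState {
    param(
        [string]$GatewayDir = 'C:\Program Files (x86)\ZappySys\ZappySys ODBC PowerPack\ZappySys.TdsServer.WindowsService'
    )

    # OS-wide policy: Enabled=1 is on; Enabled=0 or a missing key/value is off or not configured.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
    $enabled = (Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue).Enabled
    $osState = if ($enabled -eq 1) { 'On' } else { 'Off or not configured' }
    [pscustomobject]@{ Scope = 'OS (registry)'; Item = $key; State = $osState }

    # Per-application overrides created in Method #2.
    foreach ($name in 'ZsTdsService.exe.config', 'ZappySysDataGatewayConfig.exe.config') {
        $path = Join-Path $GatewayDir $name
        if (-not (Test-Path -LiteralPath $path)) {
            $state = 'No config file (no per-app override)'
        } else {
            try {
                $xml  = [xml](Get-Content -LiteralPath $path -Raw)
                $node = $xml.SelectSingleNode('/configuration/runtime/enforceFIPSPolicy')
                if ($null -eq $node) {
                    $state = 'No enforceFIPSPolicy element (no per-app override)'
                } elseif ($node.GetAttribute('enabled') -eq 'false') {
                    $state = 'FIPS enforcement disabled for this executable'
                } else {
                    $state = "enforceFIPSPolicy enabled='$($node.GetAttribute('enabled'))'"
                }
            } catch {
                # A malformed .config file is worth surfacing rather than skipping.
                $state = "Unreadable XML: $($_.Exception.Message)"
            }
        }
        [pscustomobject]@{ Scope = 'Application'; Item = $path; State = $state }
    }
}

Get-GatewayFipsState | Format-Table -AutoSize -Wrap
```

A host that reports the OS policy as "On" but still shows "FIPS enforcement disabled for this executable" has a leftover Method #2 override that bypasses the policy for the gateway.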
Contact Us
If you have more questions, feel free to contact us via Live chat or email support@zappysys.com