Wednesday, October 13, 2010

This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms

I was installing SharePoint 2010 Foundation on a Win 2008 server SP2 (NOT R2) and got the following error when I ran the config wizard:

Failed to create the configuration database.
An exception of type System.InvalidOperationException was thrown. Additional exception information: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
at System.Security.Cryptography.SHA256Managed..ctor()
at Microsoft.SharePoint.UserCode.SPSolutionValidatorCollection.ComputeHash()
at Microsoft.SharePoint.Administration.SPUserCodeService.UpdateValidatorsHash()
at Microsoft.SharePoint.Administration.SPPersistedChildCollection`1.Add(T newObj, Boolean ensure)
at Microsoft.SharePoint.Administration.SPPersistedChildCollection`1.Add(T newObj)
at Microsoft.SharePoint.UserCode.SPSolutionValidatorCollection.Insert(SPSolutionValidator validator, Int32 index)
at Microsoft.SharePoint.UserCode.SPSolutionValidatorCollection.Add(SPSolutionValidator validator)
at Microsoft.SharePoint.Administration.SPUserCodeService.Update()
at Microsoft.SharePoint.Administration.SPPersistedChildCollection`1.Add(T newObj, Boolean ensure)
at Microsoft.SharePoint.Administration.SPPersistedChildCollection`1.Ensure(T newObj)
at Microsoft.SharePoint.Administration.SPUserCodeService.EnsureService(SPFarm farm, Boolean upgrading)
at Microsoft.SharePoint.Administration.SPFarm.CreateBasicServices(SqlConnectionStringBuilder administrationContentDatabase, IdentityType identityType, String farmUser, SecureString farmPassword)
at Microsoft.SharePoint.Administration.SPFarm.Create(SqlConnectionStringBuilder configurationDatabase, SqlConnectionStringBuilder administrationContentDatabase, IdentityType identityType, String farmUser, SecureString farmPassword, SecureString masterPassphrase)
at Microsoft.SharePoint.Administration.SPFarm.Create(SqlConnectionStringBuilder configurationDatabase, SqlConnectionStringBuilder administrationContentDatabase, String farmUser, SecureString farmPassword, SecureString masterPassphrase)
at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.CreateOrConnectConfigDb()
at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.Run()
at Microsoft.SharePoint.PostSetupConfiguration.TaskThread.ExecuteTask()

I checked out a few blogs and KB articles, but was not able to resolve the issue.

In my case

1.) The FIPS setting was already disabled in the local security policy settings.

2.) The accounts had required access to the hive, inetpub and all the other folders.

3.) We didn't have access to change the machine.config files.

After running the Process Monitor tool while the config wizard was running, we found that there were other registry keys showing up in the procmon logs.

On further analysis we found that there are FIPS-related keys in three locations:

1.) HKLM\SYSTEM\ControlSet001\Control\LSA\FipsAlgorithm

2.) HKLM\SYSTEM\ControlSet002\Control\LSA\FipsAlgorithm

3.) HKLM\SYSTEM\CurrentControlSet\Control\LSA\FipsAlgorithm

Only the 3rd key had the value 0 (i.e. disabled); the other two had the value 1 (i.e. enabled). I changed the values to 0 for the other two and then ran PSCONFIG again. This time the installation completed successfully. ISSUE RESOLVED.
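
A read-only way to get the same picture without procmon, added here as an example (it is not part of the original post): the script lists every FIPS-related value under Control\Lsa in each control set and marks which numbered set HKLM\SYSTEM\Select records as Current, Default and LastKnownGood. The wildcard FipsAlgorithm* is an assumption, chosen so that it matches the key name as written above as well as any similarly named value or subkey.

```powershell
# Added example: audit FIPS-related registry data in every control set (reads only).

# HKLM\SYSTEM\Select records which numbered set is Current, Default and LastKnownGood.
$select = Get-ItemProperty -Path 'HKLM:\SYSTEM\Select'
$roles = @{ 'CurrentControlSet' = 'link to Current' }
foreach ($role in 'Current', 'Default', 'LastKnownGood') {
    $set = 'ControlSet{0:D3}' -f [int]$select.$role
    if ($roles.ContainsKey($set)) { $roles[$set] += ", $role" } else { $roles[$set] = $role }
}

# CurrentControlSet plus every numbered ControlSetNNN present on this machine.
$names = @('CurrentControlSet')
$names += Get-ChildItem -Path 'HKLM:\SYSTEM' |
    Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' } |
    ForEach-Object { $_.PSChildName }

$findings = foreach ($name in $names) {
    $lsa = "HKLM:\SYSTEM\$name\Control\Lsa"
    if (-not (Test-Path -Path $lsa)) { continue }

    # Candidates: the Lsa key itself plus any subkey named FipsAlgorithm* (assumed pattern).
    $keys = @(Get-Item -Path $lsa) + @(Get-ChildItem -Path $lsa |
        Where-Object { $_.PSChildName -like 'FipsAlgorithm*' })

    foreach ($key in $keys) {
        $isLsa = ($key.PSChildName -eq 'Lsa')
        foreach ($valueName in $key.GetValueNames()) {
            # On the Lsa key itself, only values named FipsAlgorithm* are of interest.
            if ($isLsa -and $valueName -notlike 'FipsAlgorithm*') { continue }
            New-Object PSObject -Property @{
                ControlSet = $name
                Role       = $roles[$name]
                Key        = $key.PSChildName
                Value      = $valueName
                Data       = $key.GetValue($valueName)
            }
        }
    }
}

$findings | Select-Object ControlSet, Role, Key, Value, Data | Format-Table -AutoSize

# Different data across sets is the situation described in this post.
$distinct = @($findings | ForEach-Object { $_.Data } | Sort-Object -Unique)
if ($distinct.Count -gt 1) {
    Write-Warning 'FIPS flags differ between control sets.'
}
```

Keeping the output from before and after a change gives a record of which control sets were modified.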

Tuesday, September 14, 2010

SharePoint 2010 Installation Error - FIPS cryptographic algorithm

*****************************************************************************************
UPDATE October 13th, 2010 - ISSUE RESOLVED - I had to make changes to a few more reg keys!
Details are available in the October 13, 2010 post.
*****************************************************************************************

I was installing SharePoint 2010 Foundation in standalone mode on a Win 2008 server SP2 (NOT R2) and got the following error when I ran the config wizard.

Failed to create the configuration database.

An exception of type System.InvalidOperationException was thrown. Additional exception information: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

I checked out a few blogs, but was not able to resolve the issue.

These were the blogs/links I referred to:

Amol's blog: http://sharepointknowledgebase.blogspot.com/2009/04/this-implementation-is-not-part-of.html

This pointed me to the KB article http://support.microsoft.com/kb/911722. The KB article talks about adding a section to your web.config, but in my case the Central Admin site has not been created yet, so there is no web.config.

I also referred to another link which suggested disabling the FIPS compliance-related local security policy, but in my case it was already disabled.

I will troubleshoot this further and keep updating this post.


Update Oct 11th, 2010.

We re-imaged our virtual server (basically got a new server) and tried again, and got the same problem again.

I have posted a question on TechNet:

http://social.technet.microsoft.com/Forums/en-US/sharepoint2010setup/thread/81e1b564-c722-4aea-b7a1-788ff35e055d


Tuesday, August 31, 2010

SharePoint Item Level Permission


I am working on a requirement to secure a SharePoint list item, and when I was reading about it on MSDN for the first time, I got very confused because of the class names associated with SharePoint security. So I thought I would post a very basic article explaining how to change item-level permissions.

From the SharePoint UI, this can be done by breaking permission inheritance at the item level and then changing everybody's permission to read-only: go to Item Level Permission > Actions > Edit Permissions > Break Inheritance, then select all the user groups/users and give them the required permissions. In my case I am giving them read access, so that no one can change the list item once it has been submitted.


So how do we change item-level permissions programmatically? Well, we need to make use of the object model, and this is one way of doing it.

The basics for getting permissions right programmatically are RoleAssignment and RoleDefinition. In the object model, users and user groups correspond to RoleAssignments, and permission levels (Read, Contribute, Owner, etc.) correspond to RoleDefinitions.

So let's get started

1.) Break Inheritance

SPItemObject.BreakRoleInheritance(false);

The parameter false indicates that, after breaking inheritance, none of the users are copied from the list level; if you pass true, the users are copied over to the item level.

2.) I selected false in the first step because I don’t want to copy the users directly from the list level.
I will loop through all the users and user groups at the list level and add them to the item with only read access. Here is the code for that. I was using this from inside a workflow, that's why you see workflowProperties; workflowProperties.Item is just an SPListItem object.

// Requires: using Microsoft.SharePoint;
// Get the role definition for read access
SPRoleDefinition oRoleDefinition_Read = workflowProperties.Web.RoleDefinitions["Read"];
// Loop through the users and groups at the list level
foreach (SPRoleAssignment oRoleAssignment in workflowProperties.List.RoleAssignments)
{
    // Build a fresh role assignment for the same user or group, so the
    // list-level assignment object is left untouched
    SPRoleAssignment oItemAssignment = new SPRoleAssignment(oRoleAssignment.Member);
    // Add the read-only definition to the new role assignment
    oItemAssignment.RoleDefinitionBindings.Add(oRoleDefinition_Read);
    // Bind the new role assignment to the item
    workflowProperties.Item.RoleAssignments.Add(oItemAssignment);
}

3.) Then update the item and you are done.


We are using SharePoint WSS 3.0, MS SQL 2008, and Visual Studio 2005.