Wednesday, October 13, 2010

This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms

I was installing SharePoint 2010 Foundation on a Win 2008 server SP2 (NOT R2) and got the following error when I ran the config wizard:

Failed to create the configuration database.
An exception of type System.InvalidOperationException was thrown. Additional exception information: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
at System.Security.Cryptography.SHA256Managed..ctor()
at Microsoft.SharePoint.UserCode.SPSolutionValidatorCollection.ComputeHash()
at Microsoft.SharePoint.Administration.SPUserCodeService.UpdateValidatorsHash()
at Microsoft.SharePoint.Administration.SPPersistedChildCollection`1.Add(T newObj, Boolean ensure)
at Microsoft.SharePoint.Administration.SPPersistedChildCollection`1.Add(T newObj)
at Microsoft.SharePoint.UserCode.SPSolutionValidatorCollection.Insert(SPSolutionValidator validator, Int32 index)
at Microsoft.SharePoint.UserCode.SPSolutionValidatorCollection.Add(SPSolutionValidator validator)
at Microsoft.SharePoint.Administration.SPUserCodeService.Update()
at Microsoft.SharePoint.Administration.SPPersistedChildCollection`1.Add(T newObj, Boolean ensure)
at Microsoft.SharePoint.Administration.SPPersistedChildCollection`1.Ensure(T newObj)
at Microsoft.SharePoint.Administration.SPUserCodeService.EnsureService(SPFarm farm, Boolean upgrading)
at Microsoft.SharePoint.Administration.SPFarm.CreateBasicServices(SqlConnectionStringBuilder administrationContentDatabase, IdentityType identityType, String farmUser, SecureString farmPassword)
at Microsoft.SharePoint.Administration.SPFarm.Create(SqlConnectionStringBuilder configurationDatabase, SqlConnectionStringBuilder administrationContentDatabase, IdentityType identityType, String farmUser, SecureString farmPassword, SecureString masterPassphrase)
at Microsoft.SharePoint.Administration.SPFarm.Create(SqlConnectionStringBuilder configurationDatabase, SqlConnectionStringBuilder administrationContentDatabase, String farmUser, SecureString farmPassword, SecureString masterPassphrase)
at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.CreateOrConnectConfigDb()
at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.Run()
at Microsoft.SharePoint.PostSetupConfiguration.TaskThread.ExecuteTask()

I checked out few blogs and KB articles, but was not able to resolve the issue.

In my case

1.) The FIPS settings was already disabled in local security policy settings.

2.) The accounts had required access to the hive, inetpub and all the other folders.

3.) We didn't have access to change the machine.config files.

After running the process monitor tool as the config wizard was running, we found that there were other Reg Keys that were showing up in the procmon logs.

On further analysis we found that there are FIPS related keys in three locations

1.)HKLM\SYSTEM\ControlSet001\Control\LSA\FipsAlgorithm

2.)HKLM\SYSTEM\ControlSet002\Control\LSA\FipsAlgorithm

3.)HKLM\SYSTEM\CurrentControlSet\Control\LSA\FipsAlgorithm

Only the 3rd key had the value as 0 i.e. disabled, but the other two had values as 1 i.e. enabled. I changed the values to 0 for the other two and then ran the PSCONFIG again. This time the installation was successfully completed. ISSUE RESOLVED.