Portal Engine Questions on portal engine and web parts.
Version 7.x > Portal Engine > Windows Platform FIPS Errors View modes: 
User avatar
Kentico Legend
Kentico Legend
Brenden Kehren - 11/20/2012 1:11:52 PM
   
Windows Platform FIPS Errors
I'm in the process of deploying a locally developed Kentico v7.0.7 website to our Windows 2008 R2 server and none of my macros are working. I'm getting a RESOLVEDATMACRO error in the Event Log. Any idea on how to resolve this? What I've searched for has been less than helpful. Here is an example error:
Error while evaluating expression: Math.RandomSelection( List(1,2,3,4,5,6),1)|(user)user101|(hash)0bf40d9c4c65e261afaa5fa00d7f2e11f64ebb9f3710a92545de4a4d037b99c5
This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
at System.Security.Cryptography.SHA256Managed..ctor()
at CMS.GlobalHelper.SecurityHelper.GetSHA2Hash(String inputData)
at CMS.GlobalHelper.ValidationHelper.ValidateHash(String value, String hash, Boolean userSpecific, Boolean redirect, String customSalt)
at CMS.GlobalHelper.ValidationHelper.ValidateHash(String value, String hash, Boolean userSpecific, Boolean redirect)
at CMS.GlobalHelper.MacroResolver.CheckMacroIntegrity(String expression, String userName, String hash)
at CMS.GlobalHelper.MacroResolver.ResolveDataMacro(String expression, Object& result, Boolean& match, Boolean keepObjectsAsResult, Boolean& securityCheckPassed, Boolean& doNotResolve, Boolean skipSecurityCheck)

User avatar
Kentico Customer Success
Kentico Customer Success
kentico_martind2 - 11/21/2012 1:57:19 AM
   
RE:Windows Platform FIPS Errors
Hi,

I've found that this behaviour can be caused by registry settings, especially on Windows 2008 Server.

Could you please check your registry settings according to these articles:
1. Issue: Getting 'This implementation ... Platform FIPS validated cryptographic algorithms.' exception
2. FIPS validated cryptographic algorithms

Best regards,
Martin Danko

User avatar
Kentico Legend
Kentico Legend
Brenden Kehren - 11/28/2012 7:47:45 AM
   
RE:Windows Platform FIPS Errors
Thanks Martin. Attempted both of those suggestions with no success. Does this matter that the server is in a webfarm? IIS is telling me I should specify validation and decryption keys if its in a webfarm.

User avatar
Kentico Legend
Kentico Legend
Brenden Kehren - 12/3/2012 12:27:06 PM
   
RE:Windows Platform FIPS Errors
Just an update, I had to disable FIPS on the server in order to get it to work properly. After some discussion with the security person and some further testing, I modified the machine.config file in both the Framework and Framework64 directories for both v2 and v4 of the .net framework, enabled FIPS again (registry setting) and did an iisreset and that appeared to fix it!

User avatar
Kentico Customer Success
Kentico Customer Success
kentico_martind2 - 12/4/2012 7:53:11 AM
   
RE:Windows Platform FIPS Errors
Hi,

I'm glad to hear that you've solved this issue. However it sounds a little bit complicated. Maybe if you could write more details about the changes in machine.config that will be great. It can be helpful for the other users in the future. Thanks :)

Best regards,
Martin Danko

User avatar
Kentico Legend
Kentico Legend
Brenden Kehren - 12/21/2012 12:30:36 PM
   
RE:Windows Platform FIPS Errors
On the server the website is running on with FIPS enabled, I went to

C:\Windows\Microsoft.NET\Framework64\v4.0.3019\Config\machine.config
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Config\machine.config

And modified the
<configuration>
<runtime>
<enforceFIPSPolicy enabled="false"/>
</runtime>
</configuration>

node to look like above.

After I modified both, I opened a command prompt and ran IISRESET and the website came up without issue.