Troubleshooting
Problem
User launches Controller client. An error appears.
Problem may only affect some client devices.
Symptom
System.Reflextion.TargetInvocationException: Exception has been thrown by the target of an invocation. --->
System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated crytographic algorithms.
at System.Security.Cryptography.SHA512Managed..ctor()
Cause
There are several known causes for this error:
- Scenario #1 - Customer has configured their Controller application server's web server (IIS) with the following: System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing
- This is known to cause problems for Microsoft '.NET Framework', which is a requirement for Controller.
- Scenario #2 - Client device has FIPS policy enabled.
- This is known to cause problems for Microsoft '.NET Framework', which is a requirement for Controller.
Diagnosing The Problem
Scenario #2
To see if FIPS is enabled on the client device:
- Launch REGEDIT
- Navigate to key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\
- Look at the “Enabled” value in the right pane
- 0 (zero) = FIPS mode is disabled
- 1 (one) = FIPS mode is enabled
Resolving The Problem
Scenario #1
Reconfigure IIS (on the Controller application server) so that "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" is disabled.
Scenario #2
Disable FIPS on the client device.
- IMPORTANT: After making the change, you must restart the client device.
Steps:
- Launch REGEDIT
- Navigate to key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\
- Modify the “Enabled” value (in the right pane) to be: 0
Was this topic helpful?
Document Information
Modified date:
15 November 2018
UID
ibm10740605