RE: MOSS SearchServiceInstance 6482 error: FIPS validated algorith
- From: Steve Mushkat <SteveMushkat@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 14 Apr 2008 06:19:04 -0700
Hi Tyrone,
We're using SQL Server 2005, latest SP & patches, and yes it does have FIPS
enabled as well. I'm still working the case with Microsoft support, they
have been able to reproduce the problem, but we're waiting for the problem to
work its way up through their stack of issues. Will post anything we find
out!
There is a blog entry about suppressing the error messages:
http://blogs.msdn.com/shawnfa/archive/2008/03/14/disabling-the-fips-algorithm-check.aspx
Doesn't seem this suppresses actually using FIPS, just prevents the messages
from appearing in the logs.
Steve
"Tyrone D." wrote:
Hey Steve,.
Which version of SQL are you using with your farm? Also, do you have FIPS
enabled on the SQL server?
Thanks,
Tyrone
"Steve Mushkat" wrote:
An update...we've been working with Microsoft Support on this problem, and
they've stated this will need to go in as a "design change request" and not a
bug fix. The issue is that every minute, the timer service checks to see if
any new SSP's were provisioned (among other things) - it's this check that's
failing because in order to check, it needs to fetch a credential out of the
registry, and of course the credential is stored with the MD5 hash, not the
3DES encryption. Hence - errors every minute.
There's one other related DCR, but the more we can complain about it the
more attention the problem will get - squeaky wheel & all! If you have the
option, please get in touch with MS Support to see if you can also raise this
issue.
I found a seconary problem apart from the recurring errors in the log -
couldn't get content deployment to work with FIPS enabled. Working this
issue through MS Support as well.
"Steve Mushkat" wrote:
I support a server that has the GPO policy "System cryptography: Use FIPS
compliant algorithms for encryption" enabled. I saw on Live Search that I
needed to modify the machineKey attribute on my web.config files in IIS to
use the 3DES algorithm instead of SHA1, which was needed in order for any of
the web sites to come up.
However, once every minute I still am getting a 6482 error in the
Application event log - I've tried everything I can think of to resolve this
but I'm stuck!! I've re-entered the service account passwords from Central
Admin, re-entered the passwords in the Services snap-in, re-ran the
configuration wizard, reinstalled MOSS, reinstalled Service Pack 1, recreated
the SSP, stopped & started the Office Search from w/in Services on this
server...still no luck.
The error text is:
Application Server Administration job failed for service instance
Microsoft.Office.Server.Search.Administration.SearchServiceInstance
(2c55c277-846b-44f8-8782-5dca60cd7f18).
Reason: This implementation is not part of the Windows Platform FIPS
validated cryptographic algorithms.
Techinal Support Details:
System.InvalidOperationException: This implementation is not part of the
Windows Platform FIPS validated cryptographic algorithms.
at
Microsoft.Office.Server.Search.Administration.SearchServiceInstance.SynchronizeDefaultContentSource(IDictionary applications)
at
Microsoft.Office.Server.Search.Administration.SearchServiceInstance.Synchronize()
at
Microsoft.Office.Server.Administration.ApplicationServerJob.ProvisionLocalSharedServiceInstances(Boolean isAdministrationServiceJob)
Any help is appreciated!!!
- Follow-Ups:
- References:
- Prev by Date: Re: Template and a custom column
- Next by Date: RE: MOSS SearchServiceInstance 6482 error: FIPS validated algorith
- Previous by thread: RE: MOSS SearchServiceInstance 6482 error: FIPS validated algorith
- Next by thread: RE: MOSS SearchServiceInstance 6482 error: FIPS validated algorith
- Index(es):
Relevant Pages
|
