RE: MOSS SearchServiceInstance 6482 error: FIPS validated algorith

---

• From: Tyrone D. <TyroneD@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Mon, 14 Apr 2008 08:02:01 -0700

---

Hey Steve,

Thanks for reply and the link. I'm discussing enabling FIPS on our SQL
server with the rest of our team and see what type of exciting error messages
it brings our way. I pray that you hear some good news from Microsoft and
thanks again.

-Tyrone

"Steve Mushkat" wrote:

Hi Tyrone,

We're using SQL Server 2005, latest SP & patches, and yes it does have FIPS
enabled as well. I'm still working the case with Microsoft support, they
have been able to reproduce the problem, but we're waiting for the problem to
work its way up through their stack of issues. Will post anything we find
out!

There is a blog entry about suppressing the error messages:

http://blogs.msdn.com/shawnfa/archive/2008/03/14/disabling-the-fips-algorithm-check.aspx

Doesn't seem this suppresses actually using FIPS, just prevents the messages
from appearing in the logs.

Steve

"Tyrone D." wrote:

Hey Steve,

Which version of SQL are you using with your farm? Also, do you have FIPS
enabled on the SQL server?

Thanks,
Tyrone

"Steve Mushkat" wrote:

An update...we've been working with Microsoft Support on this problem, and
they've stated this will need to go in as a "design change request" and not a
bug fix. The issue is that every minute, the timer service checks to see if
any new SSP's were provisioned (among other things) - it's this check that's
failing because in order to check, it needs to fetch a credential out of the
registry, and of course the credential is stored with the MD5 hash, not the
3DES encryption. Hence - errors every minute.

There's one other related DCR, but the more we can complain about it the
more attention the problem will get - squeaky wheel & all! If you have the
option, please get in touch with MS Support to see if you can also raise this
issue.

I found a seconary problem apart from the recurring errors in the log -
couldn't get content deployment to work with FIPS enabled. Working this
issue through MS Support as well.

"Steve Mushkat" wrote:

I support a server that has the GPO policy "System cryptography: Use FIPS
compliant algorithms for encryption" enabled. I saw on Live Search that I
needed to modify the machineKey attribute on my web.config files in IIS to
use the 3DES algorithm instead of SHA1, which was needed in order for any of
the web sites to come up.

However, once every minute I still am getting a 6482 error in the
Application event log - I've tried everything I can think of to resolve this
but I'm stuck!! I've re-entered the service account passwords from Central
Admin, re-entered the passwords in the Services snap-in, re-ran the
configuration wizard, reinstalled MOSS, reinstalled Service Pack 1, recreated
the SSP, stopped & started the Office Search from w/in Services on this
server...still no luck.

The error text is:

Application Server Administration job failed for service instance
Microsoft.Office.Server.Search.Administration.SearchServiceInstance
(2c55c277-846b-44f8-8782-5dca60cd7f18).

Reason: This implementation is not part of the Windows Platform FIPS
validated cryptographic algorithms.

Techinal Support Details:
System.InvalidOperationException: This implementation is not part of the
Windows Platform FIPS validated cryptographic algorithms.
at
Microsoft.Office.Server.Search.Administration.SearchServiceInstance.SynchronizeDefaultContentSource(IDictionary applications)
at
Microsoft.Office.Server.Search.Administration.SearchServiceInstance.Synchronize()
at
Microsoft.Office.Server.Administration.ApplicationServerJob.ProvisionLocalSharedServiceInstances(Boolean isAdministrationServiceJob)

Any help is appreciated!!!

.

---

• References:
  • RE: MOSS SearchServiceInstance 6482 error: FIPS validated algorith
    • From: Tyrone D.
  • RE: MOSS SearchServiceInstance 6482 error: FIPS validated algorith
    • From: Steve Mushkat

• Prev by Date: RE: MOSS SearchServiceInstance 6482 error: FIPS validated algorith
• Next by Date: Reset Alerts for Portal
• Previous by thread: RE: MOSS SearchServiceInstance 6482 error: FIPS validated algorith
• Next by thread: MOSS public site and Excel files
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: MOSS SearchServiceInstance 6482 error: FIPS validated algorith ... We're using SQL Server 2005, latest SP & patches, and yes it does have FIPS ... I'm still working the case with Microsoft support, ... Windows Platform FIPS validated cryptographic algorithms. ... (microsoft.public.sharepoint.portalserver) RE: MOSS SearchServiceInstance 6482 error: FIPS validated algorith ... Also, do you have FIPS ... enabled on the SQL server? ... "Steve Mushkat" wrote: ... Windows Platform FIPS validated cryptographic algorithms. ... (microsoft.public.sharepoint.portalserver) RE: MOSS SearchServiceInstance 6482 error: FIPS validated algorith ... We're using SQL Server 2005, latest SP & patches, and yes it does have FIPS ... I'm still working the case with Microsoft support, ... Windows Platform FIPS validated cryptographic algorithms. ... (microsoft.public.sharepoint.portalserver) FIPS and Remote Desktop ... We have a development server running Win 2003 Server. ... all run XP SP2. ... We enabled FIPS mode on our server. ... compliant encrytption and therefore can't connect...fair enough, ... (microsoft.public.windows.terminal_services) Re: Cannot access web server after enable FIPS compliant cryptography ... I'm not familiar with FIPS, but can tell you that if IE prompts you to ... accept the certificate, for example if it is a test certificate, etc, then ... >I have a Windows 2003 Enterprise server hosting my web service and it has ... > When I try to add a web reference to a new asp.net project, ... (microsoft.public.dotnet.framework.aspnet.webservices)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > SharePoint  > microsoft.public.sharepoint.portalserver  > 2008-04