locked
SSRS 2016 FIPS Algorithm Error RRS feed

  • Question

  • Hi,

    Relating specifically to this thread based on 2008 R2 SSRS we implemented the accepted answer in SSRS 2014 with no further issues.

    We have now performed an in-place upgrade on a PoC environment and have encountered a very similar FIPS errors described in the above post (see below). With the machinekey still in place on the ReportServer web.config, Im assuming the issue is caused by the fact there is no longer a ReportManager web.config file (and I have not updated any substitute version of it?).

    I have tried implementing the machinekey in the machine.config files in both the .NET 2.0 and 4.5 folders in windows with no positive results. Any assistance is appreciated, though I may need to take this direct to MS for direction.

    library!ReportServer_0-1!5b4!07/15/2016-05:46:24:: e ERROR: Report server unique dump occured. Exception: Microsoft.ReportingServices.Diagnostics.Utilities.InternalCatalogException: An internal error occurred on the report server. See the error log for more details. ---> System.TypeInitializationException: The type initializer for 'Microsoft.Reporting.WebForms.ClientTelemetry' threw an exception. ---> System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

    Thanks in advance, Craig



    Monday, July 18, 2016 10:51 AM

Answers

  • You can try this workaround – add this snippet to the machine.config in the .NET installation directory, see https://blogs.msdn.microsoft.com/shawnfa/2008/12/02/cryptoconfig/  for more details:

    <mscorlib>
        <cryptographySettings>
            <cryptoNameMapping>   
                <cryptoClasses>
                    <cryptoClass
                        SHA256CSP="System.Security.Cryptography.SHA256CryptoServiceProvider, System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
                </cryptoClasses>            
                <!-- name mappings -->           
                <nameEntry
                    name="SHA256"
                    class="SHA256CSP" />
                <nameEntry
                    name="SHA256CryptoServiceProvider"
                    class="SHA256CSP" />
                <nameEntry
                    name="System.Security.Cryptography.SHA256CryptoServiceProvider"
                    class="SHA256CSP" /> 
                <nameEntry
                    name="System.Security.Cryptography.SHA256"
                    class="SHA256CSP"/>      
            </cryptoNameMapping>          
        </cryptographySettings>
    </mscorlib>  
    Let me know if that works for you.

    • Proposed as answer by Xi Jin Monday, July 25, 2016 8:19 AM
    • Marked as answer by Xi Jin Friday, July 29, 2016 9:11 AM
    Monday, July 18, 2016 9:13 PM

All replies

  • You can try this workaround – add this snippet to the machine.config in the .NET installation directory, see https://blogs.msdn.microsoft.com/shawnfa/2008/12/02/cryptoconfig/  for more details:

    <mscorlib>
        <cryptographySettings>
            <cryptoNameMapping>   
                <cryptoClasses>
                    <cryptoClass
                        SHA256CSP="System.Security.Cryptography.SHA256CryptoServiceProvider, System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
                </cryptoClasses>            
                <!-- name mappings -->           
                <nameEntry
                    name="SHA256"
                    class="SHA256CSP" />
                <nameEntry
                    name="SHA256CryptoServiceProvider"
                    class="SHA256CSP" />
                <nameEntry
                    name="System.Security.Cryptography.SHA256CryptoServiceProvider"
                    class="SHA256CSP" /> 
                <nameEntry
                    name="System.Security.Cryptography.SHA256"
                    class="SHA256CSP"/>      
            </cryptoNameMapping>          
        </cryptographySettings>
    </mscorlib>  
    Let me know if that works for you.

    • Proposed as answer by Xi Jin Monday, July 25, 2016 8:19 AM
    • Marked as answer by Xi Jin Friday, July 29, 2016 9:11 AM
    Monday, July 18, 2016 9:13 PM
  • Great, thanks!

    Ill try that out today & reply on-thread

    Tuesday, July 19, 2016 8:24 AM
  • I have a brand new install of SSRS 2016 with CU1. Tried the above solution, restart of report server, however I'm still receiving the FIPS error. Any other luck?
    Wednesday, September 21, 2016 4:17 PM