locked
This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms. RRS feed

  • Question

  • I'm developing a Visual Studio 2008 web app on Windows Server 2008R2 for a government client. When I attempt to compile, I get this error (even for the the default web app that is created with a new solution):

    This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

    I've read other posts that talk about the problem - but none with a solution that works. I do not have the option of turning this FIPS compliant switch off. Adding the following to the web.config file doesn't help either:

        <machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="3DES" decryption="3DES" />

    Do I have to provide a key in the above statement?

    Please help!
    Tuesday, March 9, 2010 12:19 AM

Answers

  • I solved the problem by inserting this statement in the machine.config files in the .NET Framework folder;

    <configuration>

        <runtime>

            <enforceFIPSPolicy enabled="false"/>  

     </runtime>

    </configuration>

    • Marked as answer by DanDoney Friday, October 14, 2011 6:25 PM
    Friday, October 14, 2011 6:24 PM

All replies

  • after making the change, did you restart IIS services?
    jon.stromer.galley
    Tuesday, March 9, 2010 1:26 AM
  • Hi DanDoney,
    You may restart IIS with prompt: iisreset, and try build application again to see whether it works.
    Sincerely,
    Eric
    MSDN Subscriber Support in Forum
    If you have any feedback of our support, please contact msdnmg@microsoft.com.
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    Welcome to the All-In-One Code Framework! If you have any feedback, please tell us.
    Tuesday, March 9, 2010 1:54 AM
  • Jon & Eric,
    Thank you for your quick response - sorry for the delay getting back to you. For now, I'm running on the Visual Studio Development Server - not IIS. I've tried iisreset & rebooting the computer after making the change - neither worked. I cannot even compile the solution as the IDE is defaulting on the error. I'm hoping VS2008 SP1 addresses this - were moving the files to install the service pack now. You can imagine the impact - I can't even build/run the simplest ASP.NET app with the FIPS setting on (now a requirement for the agency I support). Any advice?

    Thanks,

    Dan

    Tuesday, March 9, 2010 4:56 PM
  • ugg, right the dev server.....

    I did a little sluthing and came up with this.  You might be able to turn off the check via editing

    DevEnv.Exe.config
        and / or
    WebDev.WebServer.Exe.config 

    <configuration>
        <runtime>
            <enforceFIPSPolicy enabled=”0” />
            <!-- or maybe ="false" -->
        </runtime>
    </configuration>
    


    jon.stromer.galley
    • Marked as answer by DanDoney Friday, March 12, 2010 2:30 PM
    • Unmarked as answer by DanDoney Friday, May 27, 2011 12:58 PM
    Tuesday, March 9, 2010 8:29 PM
  • Hi DanDoney,
    I'm writing to check the issue status, does jgalley's suggestion help, please feel free to let us know if you have any concern.
    Sincerely,
    Eric
    MSDN Subscriber Support in Forum
    If you have any feedback of our support, please contact msdnmg@microsoft.com.
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    Welcome to the All-In-One Code Framework! If you have any feedback, please tell us.
    Friday, March 12, 2010 9:26 AM
  • Thanks Eric - I haven't had time to get back to testing this. We got a waiver to turn off the FIPS flag. When I come up for air I'll check on the proposed solution. I appreciate the help you and Jon have provided. Will mark as answered for now...
    Friday, March 12, 2010 2:30 PM
  • The requirement to turn on the FIPS setting has come down more forcefully. I'm able to develop with this setting on - now using VS2010 SP1. When I deploy (even a simple Hello World web app) I get the FIPS error when I attempt to access a page. I am deploying to .NET 3.5 framework on a Windows Server 2008 R2.

    I've tried the following work-arounds:

    1) The web.config entry suggested above. (I used "false").

    2) Set EnableViewState="false" for the page causing the error.

    3) Set machine key to 3DES in the config file

    None of the above alleviate the problem. I'm stuck!

    Friday, May 27, 2011 1:26 PM
  • I'm having the same issue as DanDoney - The blank application compiles fine, but the second I add a blank class (without ANY code) I receive the FIPS error.
    Saturday, July 2, 2011 7:16 PM
  • I solved the problem by inserting this statement in the machine.config files in the .NET Framework folder;

    <configuration>

        <runtime>

            <enforceFIPSPolicy enabled="false"/>  

     </runtime>

    </configuration>

    • Marked as answer by DanDoney Friday, October 14, 2011 6:25 PM
    Friday, October 14, 2011 6:24 PM
  • Still relevant today on Windows 10 using Visual Studio 2015.  Much appreciated.
    Tuesday, November 7, 2017 4:26 PM
  • This is a very old thread, but the FIPS issues still seem to be floating around in certain circumstances. I have published a few blog articles about FIPS issues in Visual Studio here:

    https://blogs.msdn.microsoft.com/samlester/2017/09/20/fixed-compiling-a-xaml-based-project-fails-in-visual-studio-with-fips-enabled/

    https://blogs.msdn.microsoft.com/samlester/2017/03/10/creating-a-new-project-in-visual-studio-fails-when-fips-is-enabled/

    And another one regarding a couple issues on FIPS environments with Power BI Desktop:

    https://blogs.msdn.microsoft.com/samlester/2016/10/25/power-bi-fails-with-windows-platform-fips-validated-cryptographic-algorithms-error-due-to-fips-algorithm-policy/

    If you hit any other FIPS related issues, you can reply to this thread or on one of the blog articles and I can try to assist.

    Thanks,
    Sam Lester (MSFT)


    https://blogs.msdn.microsoft.com/samlester/

    Twitter - @SQLSamLester

    This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click "Mark as Answer" and "Vote as Helpful" on posts that help you. This can be beneficial to other community members reading the thread.

    Saturday, December 30, 2017 12:56 PM