locked
FIPS encryption error when build agent labels source RRS feed

  • Question

  • I have set up a new build machine with an existing TFS Server. We are using TFS 2013. When I turn labeling on the build fails with the following error.  If I turn labeling off the build succeeds with not error.

    Anyone have a clue how to fix this?

    The following shows a sample build error:  Also after looking at some of the other logs it appears all the source is rerieved then this error shows up.

    Thanks in advance.

    Run on agent (reserved build agent Agent 2)

    00:00

    Initialize environment

    00:00

    Get sources from Team Foundation Version ControlException Message: Exception has been thrown by the target of an invocation. (type TargetInvocationException)Exception Stack Trace:    at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)   at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)   at System.Security.Cryptography.CryptoConfig.CreateFromName(String name, Object[]
    args)   at System.Security.Cryptography.SHA256.Create(String hashName)   at Microsoft.TeamFoundation.Build.Workflow.Activities.LabelSources.GetLabelLockName(Uri buildUri, String labelName, String labelScope)   at System.Activities.Runtime.ActivityExecutor.ExecuteInResolutionContext
    T   at System.Activities.InArgument`1.TryPopulateValue(LocationEnvironment targetEnvironment, ActivityInstance activityInstance, ActivityExecutor executor)   at System.Activities.ActivityInstance.InternalTryPopulateArgumentValueOrScheduleExpression(RuntimeArgument argument, Int32 nextArgumentIndex, ActivityExecutor executor, IDictionary`2 argumentValueOverrides, Location resultLocation, Boolean isDynamicUpdate)   at System.Activities.ActivityInstance.ResolveArguments(ActivityExecutor executor, IDictionary`2 argumentValueOverrides, Location resultLocation, Int32 startIndex)   at System.Activities.Runtime.ActivityExecutor.ExecuteActivityWorkItem.ExecuteBody(ActivityExecutor executor, BookmarkManager bookmarkManager, Location resultLocation)Inner Exception Details:Exception Message: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms. (type InvalidOperationException)Exception Stack Trace:    at System.Security.Cryptography.SHA256Managed..ctor()

    Thursday, January 19, 2017 2:44 PM

Answers

  • Hi JBLENNON,

    Check if you could build with label on the TFS server. If you could build on the TFS server, you could turn the register on build machine, if you still could not build on the TFS server, you could turn the register on the TFS server.

    Best Regards

    Limitxiao Gao


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    • Marked as answer by JBLENNON Monday, January 23, 2017 3:07 PM
    Monday, January 23, 2017 9:06 AM
    Moderator
  • I disabled FIPS on the build server via the local security policy and it worked.  I may have to come up with a long term solution because this may be overridden by group policy.  If it gets reset.  I may try disable fips encryption via the machine.config.
    • Marked as answer by JBLENNON Friday, February 3, 2017 2:25 PM
    Monday, January 23, 2017 3:07 PM

All replies

  • Hi JBLENNON,

    Thank you for posting here.

    What type of project did you build with? Please try to create a new simple console application, then check If you could build it with label resource on. Also I suggest that you could try to set the following register to 0:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\fipsalgorithmpolicy

    Best Regards

    Limitxiao Gao


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Friday, January 20, 2017 5:56 AM
    Moderator
  • It was a simple (Hello word) windows forms application with a WIX installer.   I do not think it is event trying to build it.  It does not get that far.   It appears like is successfully pulls all the source then I assume it is trying to label the source next because when I turn labeling off if fails.

    Any Ideas as to which machine I need to set the registry flag on?  TFS Server or Build Machine?  

    Saturday, January 21, 2017 1:04 PM
  • Hi JBLENNON,

    Check if you could build with label on the TFS server. If you could build on the TFS server, you could turn the register on build machine, if you still could not build on the TFS server, you could turn the register on the TFS server.

    Best Regards

    Limitxiao Gao


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    • Marked as answer by JBLENNON Monday, January 23, 2017 3:07 PM
    Monday, January 23, 2017 9:06 AM
    Moderator
  • I disabled FIPS on the build server via the local security policy and it worked.  I may have to come up with a long term solution because this may be overridden by group policy.  If it gets reset.  I may try disable fips encryption via the machine.config.
    • Marked as answer by JBLENNON Friday, February 3, 2017 2:25 PM
    Monday, January 23, 2017 3:07 PM