So I set it to 0, but it did not help. I tried reboot my Windows 2008 R2 SP1 server as well. Can anyone help?
Exception calling "CreateUser" with "2" argument(s): "This implementation is not part of the Windows Platform FIPS vali
dated cryptographic algorithms."
At D:\bin\add-user.ps1:306 char:77
+ [void][Microsoft.Web.Management.Server.ManagementAuthentication]::CreateUser <<<< ($agency_msp_user, $agency_msp_user
_passwd)
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodTargetInvocation
I tried to use only sha256 algorithm. It is throwing an exception for me as well. So it seems the problem is the SHA256. I thought SHA256 is supposed to be FIPS compliant?
Exception calling "Create" with "0" argument(s): "This implementation is not part of the Windows Platform FIPS validate
d cryptographic algorithms."
At line:1 char:46
+ [System.Security.Cryptography.sha256]::create <<<< ()
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodTargetInvocation
Basically I need to define an alias for System.Security.Cryptography.SHA256CryptoServiceProvider, and whenever a call is made to class System.Security.Cryptography.SHA256, it will use
System.Security.Cryptography.SHA256CryptoServiceProvider, which is FIPS compliant.
w2008support
15 Posts
create user failure - This implementation is not part of the Windows Platform FIPS validated cry...
May 25, 2012 03:36 PM|LINK
I am using a Powershell script to create IIS user. Here is the line that creates a user -
[void][Microsoft.Web.Management.Server.ManagementAuthentication]::CreateUser($user, $user_passwd)
But I got an error mesage saying this is not FIPS validated cryptographic algorithm. I guess it is related to registry setting
HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled.
So I set it to 0, but it did not help. I tried reboot my Windows 2008 R2 SP1 server as well. Can anyone help?
Exception calling "CreateUser" with "2" argument(s): "This implementation is not part of the Windows Platform FIPS vali
dated cryptographic algorithms."
At D:\bin\add-user.ps1:306 char:77
+ [void][Microsoft.Web.Management.Server.ManagementAuthentication]::CreateUser <<<< ($agency_msp_user, $agency_msp_user
_passwd)
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodTargetInvocation
Thanks.
jeff@zina.co...
3379 Posts
MVP
Moderator
Re: create user failure - This implementation is not part of the Windows Platform FIPS validated...
May 25, 2012 07:22 PM|LINK
Bing?
http://support.microsoft.com/kb/935434
Jeff
w2008support
15 Posts
Re: create user failure - This implementation is not part of the Windows Platform FIPS validated...
Jul 05, 2012 04:39 PM|LINK
The KB says - "This problem occurs because the MD5 algorithm is not FIPS compliant."
But this IIS server link says IIS server is using SHA256 not MD5 to store a user's password hash?
http://www.iis.net/ConfigReference/system.webServer/management/authentication/credentials/add
w2008support
15 Posts
Re: create user failure - This implementation is not part of the Windows Platform FIPS validated...
Jul 05, 2012 05:10 PM|LINK
I tried to use only sha256 algorithm. It is throwing an exception for me as well. So it seems the problem is the SHA256. I thought SHA256 is supposed to be FIPS compliant?
PS C:\Users\Administrator> [System.Security.Cryptography.sha256]::create()
Exception calling "Create" with "0" argument(s): "This implementation is not part of the Windows Platform FIPS validate
d cryptographic algorithms."
At line:1 char:46
+ [System.Security.Cryptography.sha256]::create <<<< ()
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodTargetInvocation
w2008support
15 Posts
Re: create user failure - This implementation is not part of the Windows Platform FIPS validated...
Jul 06, 2012 10:12 PM|LINK
I figure out the reason. Even though SHA256 algorithm itself is FIPS compliant, but not every implementation of it is FIPS compliant.
I found a solution after reading this article - http://blogs.msdn.com/b/shawnfa/archive/2008/12/02/cryptoconfig.aspx.
Basically I need to define an alias for System.Security.Cryptography.SHA256CryptoServiceProvider, and whenever a call is made to class System.Security.Cryptography.SHA256, it will use System.Security.Cryptography.SHA256CryptoServiceProvider, which is FIPS compliant.