Problem
Sometimes, when launching the ZappySys Gateway UI or initiating the ZappySys Service, you may encounter the following FIPS (Federal Information Processing Standards) related error, When checking the Windows Event Log for the ZappySys Service, you might encounter Service Errors.
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. →
System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
at System.Security.Cryptography.AesManaged…ctor()
Or
Error: An error occurred with the following error message: “Ed25519 algorithm is not supported in FIPS-compliant mode.”.
Error in Gateway UI
Service Error in Event Log
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. → System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
at System.Security.Cryptography.AesManaged…ctor()
— End of inner exception stack trace —
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck)
at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark)
at System.Activator.CreateInstanceT
at TdsServers.CryptoUtils.Encrypt[T](String value, String password)
at TdsServers.GwDataSource.EncodeText(String s, String pwd)
at ZappySysTdsConfig.TdsConfigWindow.btnSaveConfig_Click(Object sender, EventArgs e)
System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
at System.Security.Cryptography.AesManaged…ctor()
Cause
Your organization has implemented a policy to enforce FIPS compliance, restricting certain encryption algorithms. You can verify this by checking the following registry:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
- If Enabled=1, it indicates that the FIPS compliance check is turned on.
- If Enabled=0 or the key is missing, it signifies that the FIPS compliance check is turned off or not configured.
Solution
There are two methods to disable FIPS. One targets only the ZappySys Gateway, while the other impacts the entire operating system. Here’s a brief overview:
Method #1 - Disable FIPS for Gateway only
If you need to disable FIPS (Federal Information Processing Standards) specifically for the ZappySys Gateway, follow these steps:
-
Navigate to the ZappySys ODBC PowerPack Folder:
Go to the following directory on your system:C:\Program Files (x86)\ZappySys\ZappySys ODBC PowerPack\ZappySys.TdsServer.WindowsService
-
Create Two New Configuration Files:
Create two new files with the following names: (Ensure that the file extensions are not “.config.”)- ZsTdsService.exe.config
- ZappySysDataGatewayConfig.exe.config
-
Edit Configuration Files:
Open each file using a text editor such as Notepad. Enter the following text in both files and save them:<configuration> <runtime> <enforceFIPSPolicy enabled="false" /> </runtime> </configuration>
-
Restart the Gateway Service:
After saving the changes, open the Gateway UI and restart the service.
By following these instructions, you are configuring the runtime settings for the ZappySys Gateway to disable the FIPS policy. This adjustment is specific to the Gateway application and ensures that it operates without FIPS compliance.
Method #2 - Disable FIPS for all applications on the OS
If you encounter challenges with Method #1 or find it more suitable to disable FIPS for all applications across the operating system, follow these steps:
-
Access the Registry Editor:
- Press the Windows key and type “regedit” in the start menu.
- Select and open the “Registry Editor.”
-
Navigate to the FIPS Algorithm Policy Key:
- In the Registry Editor, go to the following key:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
-
Modify the Enabled Value:
- Within the FipsAlgorithmPolicy key, locate the “Enabled” value.
- Change the value to “0” to disable FIPS.
By performing these steps, you instruct the operating system to deactivate FIPS for all applications. If feasible, it’s crucial to consider Method#1 first before opting to disable FIPS at the OS level. This adjustment should be cautiously approached, as it affects the FIPS compliance status for all applications across the system.
Method #3 - (For SFTP only) Disable FIPS Only Algorithms
If you are using ZappySys SFTP in SSIS or ODBC Drivers, you may try disabling Fips Algorithms like the one below just for the SFTP connection.
- Go to SFTP Connection > Advanced Tab
- In the option, enter
DoNotUseFipsAlgorithmsOnly
and run again (You may have to Re-open Visual Studio / ODBC UI if it’s already Open to apply this)
By setting this option it disables FIPS Only algorithms for SFTP connection (Use this to override Windows FIPS setting and ignore Windows FIPS mode).
Contact Us
If you encounter any challenges or have specific use cases, please contact our support team via chat or ticket.