System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms

pankaj · February 5, 2024, 12:28pm

Problem

Sometimes, when launching the ZappySys Gateway UI or initiating the ZappySys Service, you may encounter the following FIPS (Federal Information Processing Standards) related error, When checking the Windows Event Log for the ZappySys Service, you might encounter Service Errors.

System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. →
System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
at System.Security.Cryptography.AesManaged…ctor()

Error in Gateway UI

Service Error in Event Log

System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. → System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
at System.Security.Cryptography.AesManaged…ctor()
— End of inner exception stack trace —
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck)
at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark)
at System.Activator.CreateInstanceT
at TdsServers.CryptoUtils.Encrypt[T](String value, String password)
at TdsServers.GwDataSource.EncodeText(String s, String pwd)
at ZappySysTdsConfig.TdsConfigWindow.btnSaveConfig_Click(Object sender, EventArgs e)
System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
at System.Security.Cryptography.AesManaged…ctor()

Cause

Your organization has implemented a policy to enforce FIPS compliance, restricting certain encryption algorithms. You can verify this by checking the following registry:

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy

If Enabled=1, it indicates that the FIPS compliance check is turned on.
If Enabled=0 or the key is missing, it signifies that the FIPS compliance check is turned off or not configured.

Solution

There are two methods to disable FIPS. One targets only the ZappySys Gateway, while the other impacts the entire operating system. Here’s a brief overview:

Method #1 - Disable FIPS for Gateway only

If you need to disable FIPS (Federal Information Processing Standards) specifically for the ZappySys Gateway, follow these steps:

Navigate to the ZappySys ODBC PowerPack Folder:
Go to the following directory on your system:
```
C:\Program Files (x86)\ZappySys\ZappySys ODBC PowerPack\ZappySys.TdsServer.WindowsService
```
Create Two New Configuration Files:
Create two new files with the following names: (Ensure that the file extensions are not “.config.”)
- ZsTdsService.exe.config
- ZappySysDataGatewayConfig.exe.config
Edit Configuration Files:
Open each file using a text editor such as Notepad. Enter the following text in both files and save them:
```
<configuration>
 <runtime>
   <enforceFIPSPolicy enabled="false" />
 </runtime>
</configuration>
```
Restart the Gateway Service:
After saving the changes, open the Gateway UI and restart the service.

By following these instructions, you are configuring the runtime settings for the ZappySys Gateway to disable the FIPS policy. This adjustment is specific to the Gateway application and ensures that it operates without FIPS compliance.

Method #2 - Disable FIPS for all applications on the OS

If you encounter challenges with Method #1 or find it more suitable to disable FIPS for all applications across the operating system, follow these steps:

Access the Registry Editor:
- Press the Windows key and type “regedit” in the start menu.
- Select and open the “Registry Editor.”
Navigate to the FIPS Algorithm Policy Key:
- In the Registry Editor, go to the following key:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
Modify the Enabled Value:
- Within the FipsAlgorithmPolicy key, locate the “Enabled” value.
- Change the value to “0” to disable FIPS.

FipsAlgorithmPolicy

By performing these steps, you are instructing the operating system to deactivate FIPS for all applications. It’s crucial to consider Method#1 first, if feasible, before opting to disable FIPS at the OS level. This adjustment should be approached with caution, as it affects the FIPS compliance status for all applications across the entire system.

Contact Us

If you encounter any challenges or have specific use cases, please contact our support team via chat or ticket.