3 Replies Latest reply on Mar 2, 2011 7:11 AM by Stuart NameToUpdate

    FIPS Not Enabled

      Hi,

       

      I've received reports of patching jobs failing/hanging on a number of servers and after checking the RSCD_Log files they all contain a 'FIPS Not Enabled' error message.  Please can anyone shed some light on this error and how it can be resolved?

       

      02/26/11 13:56:21.406 INFO     rscd -  <hostname>1312  (???): ???: FIPS Not Enabled

      02/26/11 13:56:21.421 INFO     rscd -  <hostname>1312  (???): ???: FIPS Mode Init Error: ossl_err = 0

      02/26/11 13:56:21.421 INFO     rscd -  <hostname>1312  (???): ???: FIPS Not Enabled

      02/26/11 13:56:21.406 INFO     rscd -  <hostname>1312  (???): ???: FIPS Not Enabled

      02/26/11 13:56:21.421 INFO     rscd -  <hostname>1312  (???): ???: FIPS Mode Init Error: ossl_err = 0

      02/26/11 13:56:21.421 INFO     rscd -  <hostname>1312  (???): ???: FIPS Not Enabled

       

       

      Bladelogic version: 8.0.7.711

      Agent version: 8.0.0.422

       

      I thought it may be related to the dissimilar versions between the agent and application server, however a large number of servers are being patched successfully using Bladelogic.

       

      Many thanks

      Stuart

        • 1. FIPS Not Enabled

          I am curious about this as well.

          • 2. FIPS Not Enabled

            Stuart, Mpeller ..

             

            I think you will periodically encounter this line in the log file when you come across a server which has other cryptography settings turned on outside of the standard default Windows install. This is the RSCD agent checking to see if Windows has been told via its local security policy (Local Policies > Security Options > System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing) to use FIPS compliant algorithms for encryption.

             

            Now when this option is set to "Enabled" in the local policy it basically tells certain applications on the OS that they must use a minimal encryption type to conform to FIPS standards (Like TLS 1.0).

             

            Because the RSCD agent is in effect an application, I guess it's pre-programmed to check for this setting, and I would assume if it detects it's enabled, I guess it would change the way it works or just fail. Hence why we are seeing it in a log and it states "Not Enabled".

             

            We have to remember that FIPS is an American standard, and that I guess the RSCD agent has been developed to meet those standards, so that log file entry may not apply to our UK application of the RSCD agent.

             

            Hope this spreads some light, be interested to see the log file when FIPS is enabled!

             

            Jason

            • 3. FIPS Not Enabled

              Hi Jason,

               

              Thanks very much for the information. I'll check the local policy settings of these servers which are failing to see what the System Cryptography options are set to and go from there.

               

              Kind regards

              Stuart
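
The check discussed in the replies above, as an added example (not part of the original thread and not vendor code): it reads the registry value behind the "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" policy on each listed server, covering both the Windows Server 2003 and the Server 2008-and-later locations. The server names and the function name `Get-FipsPolicy` are hypothetical, and the script assumes administrative rights and a running Remote Registry service on the targets.

```powershell
# Added example: report the Windows FIPS algorithm policy for a list of servers.
# Server names are placeholders; replace them with the hosts whose jobs fail.
$servers = @('SERVER01', 'SERVER02')

function Get-FipsPolicy {
    param([Parameter(Mandatory = $true)][string]$ComputerName)

    $hive  = [Microsoft.Win32.RegistryHive]::LocalMachine
    $base  = $null
    $state = $null
    try {
        $base  = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($hive, $ComputerName)
        $value = $null

        # Windows Vista / Server 2008 and later: ...\Lsa\FipsAlgorithmPolicy\Enabled
        $sub = $base.OpenSubKey('SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy')
        if ($sub) { $value = $sub.GetValue('Enabled', $null); $sub.Close() }

        # Windows XP / Server 2003: DWORD value FipsAlgorithmPolicy directly under ...\Lsa
        if ($null -eq $value) {
            $lsa = $base.OpenSubKey('SYSTEM\CurrentControlSet\Control\Lsa')
            if ($lsa) { $value = $lsa.GetValue('FipsAlgorithmPolicy', $null); $lsa.Close() }
        }

        # No value in either location means the policy was never configured.
        if ($null -eq $value)      { $state = 'NotConfigured' }
        elseif ([int]$value -ne 0) { $state = 'Enabled' }
        else                       { $state = 'Disabled' }
    }
    catch {
        # Host down, access denied, or Remote Registry stopped: record it, keep going.
        $state = "Unreachable: $($_.Exception.Message)"
    }
    finally {
        if ($base) { $base.Close() }
    }

    New-Object psobject -Property @{ ComputerName = $ComputerName; FipsPolicy = $state }
}

$servers | ForEach-Object { Get-FipsPolicy -ComputerName $_ } |
    Select-Object ComputerName, FipsPolicy | Format-Table -AutoSize
```

Running it against both a failing and a successfully patched server shows whether the policy setting actually differs between the two groups.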