Select the product you need help with
SharePoint 2007: You receive an error message when you try to start a workflow with FIPS enabledArticle ID: 2000371 - View products that this article applies to. SymptomsWorkflows fail to start when the Federal Information Processing Standard (FIPS) algorithm is enabled on a SharePoint server. You may receive the following error message in Internet Explorer: "Failed to Initialize the encryption algorithm" Additionally, you may see the following errors in the ULS logs: 0x0328 Forms Server Forms Services Runtime 6qh0 High Failed to Initialize the encryption algorithm. 0x0328 Forms Server Forms Services Runtime 82fp Critical Exception occurred during request processing. (User: CONTOSOLAB\Farmaccount, Form Name: , IP: , Request: http://servername/_layouts/IniWrkflIP.aspx?List=281bfd30-6e0d-40fc-b323-d6578c23e8f6&ID=1&TemplateID={3964743c-c0e9-472e-84cb-445e58ee1d18}&Source=http://servername/Docs/DocLibTest/Forms/AllItems.aspx, Form ID: , Type: TypeInitializationException, Exception Message: The type initializer for 'Microsoft.Office.InfoPath.Server.DocumentLifetime.Canary' threw an exception. Failed to Initialize the encryption algorithm.)CauseThis problem occurs when the following conditions are true: • The HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\fipsalgorithmpolicy registry subkey is set to 1. ResolutionSharePoint Server uses several Windows encryption algorithms that do not comply with Federal Information Processing Standard (FIPS) 140-2 - Security Requirements for Cryptographic Modules. For example, SharePoint Server 2010 uses MD5, which does not comply with FIPS 140-2, for computing hash values that are not used for security purposes. FIPS 140-2 defines security standards which the United States and Canadian governments use to validate security levels for products that implement cryptography. By completing the following steps you will turn off the FIPS policy for the server machine. For additional information, please see System Counter Measures: http://technet.microsoft.com/en-us/library/cc766392(WS.10).aspx Disable the System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing security setting. You must restart your application for the new setting to take effect.
This registry value reflects the current FIPS setting. If this setting is enabled, the value is 1. If this setting is disabled, the value is 0. • This security setting affects the following registry value in Windows Server 2003:
This registry value reflects the current FIPS setting. If this setting is enabled, the value is 1. If this setting is disabled, the value is 0 Important: This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
More InformationFor more information about the effects of enabling the "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" security setting in Windows XP and in later versions of Windows XP, click the following article number to view the article in the Microsoft Knowledge Base:
811833 The effects of enabling the "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" security setting in Windows XP and later versions PropertiesArticle ID: 2000371 - Last Review: November 13, 2012 - Revision: 8.0
|
Back to the top
