Consider the following scenario:
In this scenario, the update fails. Additionally, an event ID 17004 that resembles the following is logged in the Application log:
Source: MSExchangeMailboxAssistants
Date: Date
Event ID: 17004
Task Category: OAB Generator Assistant
Level: Error
Keywords: Classic
User: N/A
Computer: Computer
Description:
Generation of OAB "\OAB01" failed.
Dn: CN=OAB01,CN=Offline Address Lists,CN=Address Lists Container,<xxxx>
ObjectGuid: 428d2524-2bc6-49a1-a5ae-620b1204cce4
Stats: S:OAB='\OAB01';I64:Status=2147500037;Dt:StartTime=StartTime;Dt:EndTime=EndTime;S:DC=;I32:Total.Records=0;I32:Total.TempFiles=0;Ti:TimeWritingFiles=00:00:00;S:Org=srn.sandia.gov;S:Wasted=False;I32:Total.RecordsAddedChurn=0;I32:Total.RecordsDeletedChurn=0;I32:Total.RecordsModifiedChurn=0;Ti:PrepareFilesForOABGeneration.DownloadFilesFromMailbox.StoreRpcLatency=00:00:00.0150000;I32:PrepareFilesForOABGeneration.DownloadFilesFromMailbox.StoreRpcCount=5;Ti:PrepareFilesForOABGeneration.DownloadFilesFromMailbox.CpuTime=00:00:00;Ti:PrepareFilesForOABGeneration.DownloadFilesFromMailbox.ElapsedTime=00:00:00.0055628;Ti:PrepareFilesForOABGeneration.CpuTime=00:00:00;Ti:PrepareFilesForOABGeneration.ElapsedTime=00:00:00.0065797;Ti:Total.CpuTime=00:00:00.0312500;Ti:Total.ElapsedTime=00:00:00.0596797;I32:GenerateOrLinkTemplateFiles.GenerateTemplateFiles.FS.BytesRead=14923;I32:GenerateOrLinkTemplateFiles.GenerateTemplateFiles.FS.BytesWritten=22017;Ti:GenerateOrLinkTemplateFiles.GenerateTemplateFiles.FS.Reading.ElapsedTime=00:00:00.0000394;Ti:GenerateOrLinkTemplateFiles.GenerateTemplateFiles.FS.Writing.ElapsedTime=00:00:00.0002913;Ti:GenerateOrLinkTemplateFiles.GenerateTemplateFiles.CpuTime=00:00:00.0312500;Ti:GenerateOrLinkTemplateFiles.GenerateTemplateFiles.ElapsedTime=00:00:00.0528901;Ti:GenerateOrLinkTemplateFiles.CpuTime=00:00:00.0312500;Ti:GenerateOrLinkTemplateFiles.ElapsedTime=00:00:00.0529628;; S:Exp=System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
at System.Security.Cryptography.SHA1Managed..ctor()
at Microsoft.Exchange.OAB.OABFileHash.GetHash(Stream stream)
at Microsoft.Exchange.MailboxAssistants.Assistants.OABGenerator.OABFile.Compress(FileSet fileSet, GenerationStats stats, String marker)
at Microsoft.Exchange.MailboxAssistants.Assistants.OABGenerator.TemplateFileGenerator.GenerateTemplateFile(FileSet fileSet)
at Microsoft.Exchange.MailboxAssistants.Assistants.OABGenerator.OABGenerator.GenerateTemplateFiles()
at Microsoft.Exchange.MailboxAssistants.Assistants.OABGenerator.OABGenerator.GenerateOrLinkTemplateFiles(AssistantTaskContext assistantTaskContext)
at Microsoft.Exchange.MailboxAssistants.Assistants.OABGenerator.OABGeneratorAssistant.<>c__DisplayClassc.<ProcessAssistantStep>b__8()
at Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(TryDelegate tryDelegate, FilterDelegate filterDelegate, CatchDelegate catchDelegate)
at Microsoft.Exchange.MailboxAssistants.Assistants.OABGenerator.OABGeneratorAssistant.ProcessAssistantStep(AssistantTaskContext assistantTaskContext)
To resolve this issue, install the following cumulative update:
2961810
(http://support.microsoft.com/kb/2961810/
)
Cumulative Update 6 for Exchange Server 2013
This issue occurs because the managed SHA1 hash algorithm is used for the generation of the OAB file hash. However, the file hash is not FIPS compliant.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For more information about FIPS, go to the following Microsoft website:
For more information about the
Set-ItemProperty cmdlet, go to the following Microsoft website:
For more information about the
Update-OfflineAddressBook cmdlet, go to the following Microsoft website:
Article ID: 2974339 - Last Review: Tuesday, 26 August 2014 - Revision: 1.0
Applies to
- Microsoft Exchange Server 2013 Enterprise
- Microsoft Exchange Server 2013 Standard
| kbqfe kbfix kbexpertiseadvanced kbsurveynew KB2974339 |
