Consider the following scenario:
You use Federal Information Processing Standards (FIPS) on an Offline Address Book (OAB) server in a Microsoft Exchange Server 2013 environment. You do this by running the following command in Exchange Management Shell (EMS):
Set-ItemProperty -Path HKLM:\system\currentcontrolset\control\lsa\fipsalgorithmpolicy -name enabled -Value 1
You try to update the OAB.
In this scenario, the update fails. Additionally, an event ID 17004 that resembles the following is logged in the Application log:
To resolve this issue, install the following cumulative update:
2961810 Cumulative Update 6 for Exchange Server 2013
This issue occurs because the managed SHA1 hash algorithm is used for the generation of the OAB file hash. However, the file hash is not FIPS compliant.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For more information about FIPS, go to the following Microsoft website:
More information about the FIPS compliant algorithmsFor more information about the Set-ItemProperty cmdlet, go to the following Microsoft website:
General information about the Set-ItemProperty cmdletFor more information about the Update-OfflineAddressBook cmdlet, go to the following Microsoft website: