Applies To
Exchange Server 2010 Enterprise Exchange Server 2010 Standard

Symptoms

Consider the following scenario:

  • You create a federation trust between a Microsoft Exchange Server 2010 Service Pack 1(SP1) organization and Microsoft Federation Gateway.

  • The System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing security setting is enabled on the server that is running Exchange Server 2010 SP1.

  • You use the Get-FederatedDomainProof cmdlet to generate a cryptographically secure string for the domain.

In this scenario, the cmdlet fails, and you receive the following error message:

WARNING: An unexpected error has occurred and a Watson dump is being generated: Exception has been thrown by the target of an invocation.Exception has been thrown by the target of an invocation. Exception has been thrown by the target of an invocation. + CategoryInfo : NotSpecified: (:) [Get-FederatedDomainProof], TargetInvocationException + FullyQualifiedErrorId : System.Reflection.TargetInvocationException,Microsoft.Exchange.Management.SystemConfigur ationTasks.GetFederatedDomainProof

Additionally, the following event is logged on the Exchange Server 2010 SP1 server:

Cause

This issue occurs because the cryptographic algorithm that is used to calculate the hash value of a domain name is not a U.S. Federal Information Processing Standards (FIPS)-certified cryptographic algorithm.

Resolution

To resolve this issue, install the following update rollup:

2661854 Description of Update Rollup 2 for Exchange Server 2010 Service Pack 2

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

For more information about the System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing security setting is , click the following article number to view the article in the Microsoft Knowledge Base:

811833 System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing For more information about how to create a federation trust, visit the following Microsoft website:

General information about how to create a federation trustFor more information about the Get-FederatedDomainProof cmdlet, visit the following Microsoft website:

General information about the Get-FederatedDomainProof cmdletFor more information about FIPS-compliant algorithms, visit the following Microsoft website:

General information about FIPS compliant algorithms

Facebook LinkedIn Email
SUBSCRIBE RSS FEEDS

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center