Error when you execute SSIS package on FIPS-enabled Windows

Applies to: SQL Server 2016 DeveloperSQL Server 2016 EnterpriseSQL Server 2016 Enterprise Core


Assume that you have Microsoft SQL Server 2012, 2014, or 2016 running on a server that has Federal Information Processing Standard (FIPS) enabled. In this situation, when you run or validate a Microsoft SQL Server Integration Service package (SSIS) that contains a data flow script component, you receive the following error message:
System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms. at System.Security.Cryptography.MD5 CryptoserviceProvider..ctor()

Note This issue occurs when the following registry subkey is set to 1:


This issue occurs because SSIS uses the MD5 algorithm. The MD5 algorithm is not FIPS compliant.


Service pack information

SQL Server 2016

To fix this issue in SQL Server 2016, get Service Pack 1 for SQL Server 2016.

SQL Server 2014

To fix this issue in SQL Server 2014, get Service Pack 2 for SQL Server 2014.

SQL Server 2012

To fix this issue in SQL Server 2012, get Service Pack 3 for SQL Server 2012.


To work around this issue, try one of the following methods:

  • Turn off the FIPS policy on the server. To do this, see the "To configure FIPS policy settings" section on the following TechNet website:Notes

    • You must restart the application for the new setting to take effect.
    • This setting affects the following registry value in Windows Server:
      This registry value reflects the current FIPS setting. If this setting is enabled, the value is 1. If this setting is disabled, the value is 0.
  • Use other Microsoft .NET solutions instead of the Script component.

    Note The MD5 algorithm is hard-coded within the data flow Script component. Therefore, you cannot change this Script component.

More Information

SQL Server Integration services uses several Windows encryption algorithms that do not comply with FIPS 140-2, that are security requirements for cryptographic modules. For example, SSIS 2012 uses MD5. This does not comply with FIPS 140-2, for computing hash values that are not used for security. FIPS 140-2 defines security standards that the United States and Canadian governments use to validate security levels for products that implement cryptography.


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.