"InvalidOperationException" error when you open digitally signed or NDR messages in FIPS-enabled Exchange Server 2007

Symptoms

Assume that you apply Update Rollup 15 in a Microsoft Exchange Server 2007 environment that has Federal Information Processing Standard (FIPS) enabled. Then, in Outlook Web Access, you open a digitally signed message or a non-delivery report (NDR) message that contains a digital signature. In this situation, you receive the following error message:
Exception
Exception type: System.InvalidOperationException
Exception message: This implementation is not part of the Windows Platform FIPS validated algorithms.

Cause

This issue occurs because the HMACSHA256 algorithm that is used to decode digitally signed messages in Outlook Web Access is not FIPS compliant, and FIPS is enforced on a computer that runs Outlook Web Access.

Note: HMACSHA256 is a kind of keyed hash algorithm that is constructed from the SHA-256 hash function and used as a Hash-based Message Authentication Code (HMAC).
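
To confirm that a server matches the cause described above, the following added diagnostic example (not part of the original article and not Microsoft's code) reads the Windows FIPS policy registry value and tries to use the .NET HMACSHA256 class. It assumes PowerShell 2.0 or later, run locally on the server that hosts Outlook Web Access; the function names and the test key are constructed for illustration.

```powershell
# Added diagnostic example (not from the KB article). Assumes PowerShell 2.0+
# run locally on the server that hosts Outlook Web Access.

function Test-FipsPolicyEnabled {
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    # Windows Server 2008 and later: DWORD "Enabled" under the FipsAlgorithmPolicy subkey
    $sub = Get-ItemProperty -Path "$lsa\FipsAlgorithmPolicy" -ErrorAction SilentlyContinue
    if ($sub -and $sub.Enabled -eq 1) { return $true }
    # Windows Server 2003: DWORD "FIPSAlgorithmPolicy" directly under the Lsa key
    $legacy = Get-ItemProperty -Path $lsa -ErrorAction SilentlyContinue
    return ($legacy -and $legacy.FIPSAlgorithmPolicy -eq 1)
}

function Test-HmacSha256 {
    # Returns $null when HMACSHA256 works, otherwise the innermost exception.
    try {
        $key  = New-Object byte[] 32    # constructed all-zero test key, never a real secret
        $hmac = New-Object System.Security.Cryptography.HMACSHA256 (,$key)
        [void]$hmac.ComputeHash([System.Text.Encoding]::ASCII.GetBytes('fips-check'))
        return $null
    } catch {
        # New-Object wraps constructor failures; unwrap to the original exception
        $e = $_.Exception
        while ($e.InnerException) { $e = $e.InnerException }
        return $e
    }
}

$fips = Test-FipsPolicyEnabled
$err  = Test-HmacSha256

"FIPS policy enforced : $fips"
"CLR version          : $([System.Environment]::Version)"
if ($err) {
    "HMACSHA256           : blocked ({0}: {1})" -f $err.GetType().FullName, $err.Message
} else {
    "HMACSHA256           : usable in this runtime"
}
```

The HMACSHA256 result describes the .NET runtime that hosts the PowerShell session, which is assumed here to be the same runtime that Outlook Web Access uses; compare the reported CLR version before relying on it.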

Resolution

Workaround

To work around this issue, uninstall Update Rollup 15 for Exchange Server 2007 Service Pack 3, and then revert to the original update version.

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Properties

Article ID: 3057222 - Last Review: Jun 16, 2015 - Revision: 1