Consider the following scenario:

  • You use Federal Information Processing Standards (FIPS) on an Offline Address Book (OAB) server in a Microsoft Exchange Server 2013 environment. You do this by running the following command in Exchange Management Shell (EMS):

    Set-ItemProperty -Path HKLM:\system\currentcontrolset\control\lsa\fipsalgorithmpolicy -name enabled -Value 1

  • You try to update the OAB.

In this scenario, the update fails. Additionally, an event ID 17004 that resembles the following is logged in the Application log:


To resolve this issue, install the following cumulative update:

2961810 Cumulative Update 6 for Exchange Server 2013


This issue occurs because the managed SHA1 hash algorithm is used for the generation of the OAB file hash. However, the file hash is not FIPS compliant.


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

For more information about FIPS, go to the following Microsoft website:

More information about the FIPS compliant algorithmsFor more information about the Set-ItemProperty cmdlet, go to the following Microsoft website:

General information about the Set-ItemProperty cmdletFor more information about the Update-OfflineAddressBook cmdlet, go to the following Microsoft website:

General information about the Update-OfflineAddressBook cmdlet

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Thank you for your feedback!