Error when you execute SSIS 2012 package on a FIPS-enabled Windows
Assume that you have Microsoft SQL Server 2012 or 2016 run on a server that Federal Information Processing Standard (FIPS) is enabled. In this situation, when you run or validate a Microsoft SQL Server Integration Service package that contains data flow script component, you receive the following error message:
System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms. at System.Security.Cryptography.MD5 CryptoserviceProvider..ctor()Note This problem occurs when the following registry subkey is set to 1:
This problem occurs because SSIS uses the MD5 algorithm. The MD5 algorithm is not FIPS compliant.
Service pack informationThis issue was fixed in the SQL Server 2016 Service Pack 1 (SP1). See the SQL Server 2016 build versions.
To fix this problem in SQL Server 2012, get Service Pack 3 for SQL Server 2012.
bugs that are fixed in SQL Server 2012 Service Pack 3.
To work around this problem, try one of the following methods:
- Turn off the FIPS policy on the server. To do this, see the "To configure FIPS policy settings" section on the following TechNet website:Notes
- You must restart the application for the new setting to take effect.
- This setting affects the following registry value in Windows Server:HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled
This registry value reflects the current FIPS setting. If this setting is enabled, the value is 1. If this setting is disabled, the value is 0.
- Use other Microsoft .NET solutions instead of the Script component.
Note The MD5 algorithm is hard-coded within the data flow Script component. Therefore, you cannot change this Script component.
SQL Server Integration services uses several Windows encryption algorithms that do not comply with FIPS 140-2, that are security requirements for cryptographic modules. For example, SSIS 2012 uses MD5. This does not comply with FIPS 140-2, for computing hash values that are not used for security. FIPS 140-2 defines security standards that the United States and Canadian governments use to validate security levels for products that implement cryptography.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Makale No: 2925865 - Son İnceleme: 11/16/2016 09:23:00 - Düzeltme: 4.0
Microsoft SQL Server 2012 Enterprise, Microsoft SQL Server 2016 Developer, Microsoft SQL Server 2016 Enterprise, Microsoft SQL Server 2016 Enterprise Core, Microsoft SQL Server 2016 Standard
- kbsurveynew kbexpertiseinter kbfix kbexpertiseadvanced KB2925865