Error when you execute SSIS 2012 package on a FIPS-enabled Windows

Symptom
Assume that you have Microsoft SQL Server 2012 or 2016 run on a server that Federal Information Processing Standard (FIPS) is enabled. In this situation, when you run or validate a Microsoft SQL Server Integration Service package that contains data flow script component, you receive the following error message:

System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms. at System.Security.Cryptography.MD5 CryptoserviceProvider..ctor()
Note This problem occurs when the following registry subkey is set to 1:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\fipsalgorithmpolicy
Cause
This problem occurs because SSIS uses the MD5 algorithm. The MD5 algorithm is not FIPS compliant.
Resolution

Service pack information

This issue was fixed in the SQL Server 2016 Service Pack 1 (SP1). See the SQL Server 2016 build versions.

To fix this problem in SQL Server 2012, get Service Pack 3 for SQL Server 2012.

For more information about SQL Server 2012 Service Pack 3 (SP3), see bugs that are fixed in SQL Server 2012 Service Pack 3.
Workaround
To work around this problem, try one of the following methods:

  • Turn off the FIPS policy on the server. To do this, see the "To configure FIPS policy settings" section on the following TechNet website:Notes

    • You must restart the application for the new setting to take effect.
    • This setting affects the following registry value in Windows Server:

      HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled

      This registry value reflects the current FIPS setting. If this setting is enabled, the value is 1. If this setting is disabled, the value is 0.
  • Use other Microsoft .NET solutions instead of the Script component.

    Note The MD5 algorithm is hard-coded within the data flow Script component. Therefore, you cannot change this Script component.
More information
SQL Server Integration services uses several Windows encryption algorithms that do not comply with FIPS 140-2, that are security requirements for cryptographic modules. For example, SSIS 2012 uses MD5. This does not comply with FIPS 140-2, for computing hash values that are not used for security. FIPS 140-2 defines security standards that the United States and Canadian governments use to validate security levels for products that implement cryptography.
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Özellikler

Makale No: 2925865 - Son İnceleme: 11/16/2016 09:23:00 - Düzeltme: 4.0

Microsoft SQL Server 2012 Enterprise, Microsoft SQL Server 2016 Developer, Microsoft SQL Server 2016 Enterprise, Microsoft SQL Server 2016 Enterprise Core, Microsoft SQL Server 2016 Standard

  • kbsurveynew kbexpertiseinter kbfix kbexpertiseadvanced KB2925865
Geri bildirim