Skip to content
+1-888-319-3663

HELP ARTICLE

This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms


What is FIPS?

Windows has a setting that prevents applications on the machine from using encryption that are not compliant with Federal Information Processing Standards(FIPS). This setting is typically only needed for servers that contain government data. Here is a good article about FIPS and why it would need to be enabled.

The reason this is causing an issue, is because SmartConnect encrypts the SQL login details used to connect to the SmartConnect database using a non-FIPS compliant algorithm. There are two options to resolve this error message. The first is to disable FIPS Mode. If this is not an option, we can add some SmartConnect config files to tell Windows that SmartConnect is exempt from the FIPS requirements.

Disable FIPS Mode

Disabling FIPS Mode is a simple setting switch to the Local Policy.

Go to Administrative Tools > Local Security Policy > Local Policies > Security Options > System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing
Switch the flag to disabled.

**In my testing I haven’t needed to reboot after changing the setting, but if the issue persists, a restart may be required.

Exclude SmartConnect from FIPS

We will need to add a configuration file for each SmartConnect application and service individually. I will go into detail about each SmartConnect folder individually.

User Interface, Windows Service, and Configuration Application

In the SmartConnect Folder: C:\Program Files (x86)\eOne Solutions\SmartConnect

There are four config files that need to be added. The names must match exactly.

eOne.SmartConnect.RunMapConsole.exe.config

eOne.SmartConnect.UI.External.exe.config

eOne.SmartConnect.WindowsService.exe.config

eOne.SmartConnect.Config.exe.config

 

Each file will contain the same XML.

<configuration> 

<runtime> 

<enforceFIPSPolicy enabled=”false”/> 

</runtime> 

</configuration>

 

WCF Service

In the WCF Folder: C:\Program Files (x86)\eOne Solutions\wcf

The application pool for the service needs to be pointed to a different CLRConfigFile. By default, all application pools use the aspnet.config file, but we don’t want to change that one.

Create a new file named “AppPool.config”

The file should contain the following.

<?xml version=”1.0″ encoding=”UTF-8″ ?>

<configuration>

<runtime>

<legacyUnhandledExceptionPolicy enabled=”false” />

<legacyImpersonationPolicy enabled=”true”/>

<alwaysFlowImpersonationPolicy enabled=”false”/>

<SymbolReadingPolicy enabled=”1″ />

<shadowCopyVerifyByTimestamp enabled=”true”/>

<enforceFIPSPolicy enabled = “false” />

</runtime>

<startup useLegacyV2RuntimeActivationPolicy=”true” />

</configuration>

 

After creating the file, it will need to be assigned to the Application Pool. There isn’t a setting for this available through the IIS GUI so we will need to do it using the CMD prompt.

Here is the command that will need to be ran.

%windir%\System32\inetsrv\appcmd.exe set config  -section:system.applicationHost/applicationPools /[name=’SmartConnectWcf’].CLRConfigFile:”C:\Program Files (x86)\eOne Solutions\wcf\AppPool.config”  /commit:apphost


Asp.net Web Service

In the asmx folder: C:\Program Files (x86)\eOne Solutions\www

The application pool for the service needs to be pointed to a different CLRConfigFile. By default, all application pools use the aspnet.config file, but we don’t want to change that one.

Create a new file named “AppPool.config”

The file should contain the following.

<?xml version=”1.0″ encoding=”UTF-8″ ?>

<configuration>

<runtime>

<legacyUnhandledExceptionPolicy enabled=”false” />

<legacyImpersonationPolicy enabled=”true”/>

<alwaysFlowImpersonationPolicy enabled=”false”/>

<SymbolReadingPolicy enabled=”1″ />

<shadowCopyVerifyByTimestamp enabled=”true”/>

<enforceFIPSPolicy enabled = “false” />

</runtime>

<startup useLegacyV2RuntimeActivationPolicy=”true” />

</configuration>

 

After creating the file, it will need to be assigned to the Application Pool. There isn’t a setting for this available through the IIS GUI so we will need to do it using the CMD prompt.

Here is the command that will need to be ran.

%windir%\System32\inetsrv\appcmd.exe set config  -section:system.applicationHost/applicationPools /[name=’SmartConnect’].CLRConfigFile:”C:\Program Files (x86)\eOne Solutions\www\AppPool.config”  /commit:apphost

RECENT POSTS


Configuring Salesforce Integration User
Business Central Extension Publish Error
Re-registering a Change Data Source in Business Central on SmartConnect.com
Moving SmartConnect 21 to a new server
eConnect error 4628 - The Tracking Number (Tracking_Number) is empty

POPULAR POSTS


SSL Security error using OLEDB Connection
Removed Part: /xl/vbaProject.bin part. (Visual Basic for Applications (VBA))
The server process could not be started because the configured identity is incorrect.
Using WINSCP and a task to upload or download files from an SFTP site
Shortcuts Template for Extender

CATEGORIES

TAGS

Business Central CRM D365 Business Central Dynamics 365 dynamics crm Dynamics GP Dynamics NAV Econnect Employee Spotlight eone eOne News error Error Message Events Excel Excel Report Builder Extender Flexicoder GP integration Map Microsoft dynamics crm Microsoft Dynamics GP Navigation List Builder Office Relationships Partner All Hands Call Popdock promotions release Salesforce Salesforce.com SmartConnect SmartConnect.com SmartConnect Bootcamp SmartConnect Maps SmartConnect Office Hours SmartList SmartList Builder SmartPost SmartView SQL Tech Tuesday Templates training Zendesk

Integrate & Automate without Any Code.

SmartList Data has Never Been Faster.

The Easiest Way to Report on GP Data.