HELP ARTICLE

This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms


What is FIPS?

Windows has a setting that prevents applications on the machine from using encryption that is not compliant with the Federal Information Processing Standards (FIPS). This setting is typically only needed for servers that contain government data. Here is a good article about FIPS and why it would need to be enabled.

This causes an issue because SmartConnect encrypts the SQL login details used to connect to the SmartConnect database using a non-FIPS compliant algorithm. There are two options to resolve this error message. The first is to disable FIPS Mode. If this is not an option, we can add some SmartConnect config files to tell Windows that SmartConnect is exempt from the FIPS requirements.

Disable FIPS Mode

Disabling FIPS Mode is a single setting change in the Local Security Policy.

Go to Administrative Tools > Local Security Policy > Local Policies > Security Options > System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing
Switch the flag to disabled.

**In my testing I haven’t needed to reboot after changing the setting, but if the issue persists, a restart may be required.

Exclude SmartConnect from FIPS

We will need to add a configuration file for each SmartConnect application and service. The sections below cover each SmartConnect folder in turn.

User Interface, Windows Service, and Configuration Application

In the SmartConnect Folder: C:\Program Files (x86)\eOne Solutions\SmartConnect

There are four config files that need to be added. The names must match exactly.

eOne.SmartConnect.RunMapConsole.exe.config
eOne.SmartConnect.UI.External.exe.config
eOne.SmartConnect.WindowsService.exe.config
eOne.SmartConnect.Config.exe.config

Each file will contain the same XML.

<configuration>
  <runtime>
    <enforceFIPSPolicy enabled="false"/>
  </runtime>
</configuration>

WCF Service

In the WCF Folder: C:\Program Files (x86)\eOne Solutions\wcf

The application pool for the service needs to be pointed to a different CLRConfigFile. By default, all application pools use the aspnet.config file, but we don’t want to change that one.

Create a new file named “AppPool.config”

The file should contain the following.

<?xml version="1.0" encoding="UTF-8" ?>
<configuration>
  <runtime>
    <legacyUnhandledExceptionPolicy enabled="false" />
    <legacyImpersonationPolicy enabled="true"/>
    <alwaysFlowImpersonationPolicy enabled="false"/>
    <SymbolReadingPolicy enabled="1" />
    <shadowCopyVerifyByTimestamp enabled="true"/>
    <enforceFIPSPolicy enabled="false" />
  </runtime>
  <startup useLegacyV2RuntimeActivationPolicy="true" />
</configuration>

After creating the file, it will need to be assigned to the Application Pool. There isn’t a setting for this available through the IIS GUI so we will need to do it using the CMD prompt.

Here is the command that will need to be run.

%windir%\System32\inetsrv\appcmd.exe set config -section:system.applicationHost/applicationPools /[name='SmartConnectWcf'].CLRConfigFile:"C:\Program Files (x86)\eOne Solutions\wcf\AppPool.config" /commit:apphost


ASP.NET Web Service

In the asmx folder: C:\Program Files (x86)\eOne Solutions\www

The application pool for the service needs to be pointed to a different CLRConfigFile. By default, all application pools use the aspnet.config file, but we don’t want to change that one.

Create a new file named “AppPool.config”

The file should contain the following.

<?xml version="1.0" encoding="UTF-8" ?>
<configuration>
  <runtime>
    <legacyUnhandledExceptionPolicy enabled="false" />
    <legacyImpersonationPolicy enabled="true"/>
    <alwaysFlowImpersonationPolicy enabled="false"/>
    <SymbolReadingPolicy enabled="1" />
    <shadowCopyVerifyByTimestamp enabled="true"/>
    <enforceFIPSPolicy enabled="false" />
  </runtime>
  <startup useLegacyV2RuntimeActivationPolicy="true" />
</configuration>

After creating the file, it will need to be assigned to the Application Pool. There isn’t a setting for this available through the IIS GUI so we will need to do it using the CMD prompt.

Here is the command that will need to be run.

%windir%\System32\inetsrv\appcmd.exe set config -section:system.applicationHost/applicationPools /[name='SmartConnect'].CLRConfigFile:"C:\Program Files (x86)\eOne Solutions\www\AppPool.config" /commit:apphost
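To check the result of the steps above, the following PowerShell script (an added example, not eOne's code) reports the machine-wide FIPS policy value and, for each config file named in this article, whether it exists, parses as XML, and carries the enforceFIPSPolicy override. The function name Get-FipsOverride and the state labels are made up for this example; the folder and file names are the ones listed above and assume the default install path.

```powershell
# Added audit example. Folder and file names come from this article;
# Get-FipsOverride and the State labels are hypothetical names for illustration.
$root = 'C:\Program Files (x86)\eOne Solutions'
$expected = @(
    'SmartConnect\eOne.SmartConnect.RunMapConsole.exe.config',
    'SmartConnect\eOne.SmartConnect.UI.External.exe.config',
    'SmartConnect\eOne.SmartConnect.WindowsService.exe.config',
    'SmartConnect\eOne.SmartConnect.Config.exe.config',
    'wcf\AppPool.config',
    'www\AppPool.config'
)

function Get-FipsOverride {
    param([Parameter(Mandatory)][string]$Path)
    $result = [pscustomobject]@{ Path = $Path; State = 'Missing' }
    if (-not (Test-Path -LiteralPath $Path)) { return $result }
    try {
        # The [xml] cast throws on malformed XML, for example when
        # typographic quotes were pasted around the attribute values.
        $xml = [xml](Get-Content -LiteralPath $Path -Raw)
    } catch {
        $result.State = 'InvalidXml'
        return $result
    }
    $node = $xml.SelectSingleNode('/configuration/runtime/enforceFIPSPolicy')
    if ($null -eq $node) { $result.State = 'NoOverride' }
    elseif ($node.GetAttribute('enabled') -eq 'false') { $result.State = 'FipsExempt' }
    else { $result.State = 'FipsEnforced' }
    return $result
}

# Registry value behind the Local Security Policy switch (1 = FIPS mode on).
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
$policy = Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue
'Machine FIPS policy enabled: {0}' -f ($policy.Enabled -eq 1)

# One row per expected file: Missing, InvalidXml, NoOverride, FipsExempt or FipsEnforced.
$expected |
    ForEach-Object { Get-FipsOverride -Path (Join-Path $root $_) } |
    Format-Table -AutoSize
```

Each FipsExempt row is a process that runs outside the machine's FIPS policy, so the same output serves as an inventory of exemptions to record and review.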
