HELP ARTICLE

This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms


What is FIPS?

Windows has a setting that prevents applications on the machine from using encryption algorithms that are not compliant with the Federal Information Processing Standards (FIPS). This setting is typically only needed for servers that contain government data. Here is a good article about FIPS and why it would need to be enabled.

This causes an issue because SmartConnect encrypts the SQL login details used to connect to the SmartConnect database using a non-FIPS-compliant algorithm. There are two options to resolve this error message. The first is to disable FIPS Mode. If this is not an option, we can add some SmartConnect config files to tell Windows that SmartConnect is exempt from the FIPS requirements.

Disable FIPS Mode

Disabling FIPS Mode is a single setting change in the Local Security Policy.

Go to Administrative Tools > Local Security Policy > Local Policies > Security Options > System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing
Switch the flag to disabled.

**In my testing I haven’t needed to reboot after changing the setting, but if the issue persists, a restart may be required.

Exclude SmartConnect from FIPS

We will need to add a configuration file for each SmartConnect application and service. I will go into detail about each SmartConnect folder individually.

User Interface, Windows Service, and Configuration Application

In the SmartConnect Folder: C:\Program Files (x86)\eOne Solutions\SmartConnect

There are four config files that need to be added. The names must match exactly.

eOne.SmartConnect.RunMapConsole.exe.config

eOne.SmartConnect.UI.External.exe.config

eOne.SmartConnect.WindowsService.exe.config

eOne.SmartConnect.Config.exe.config

 

Each file will contain the same XML.

<configuration>
  <runtime>
    <enforceFIPSPolicy enabled="false"/>
  </runtime>
</configuration>
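One way to script this step, as an added example that is not part of the original article or eOne's own tooling: the PowerShell below creates the four files and, where a config file already exists, backs it up and adds the element to its runtime section instead of overwriting it. The folder and file names are the ones given above; the merge-and-backup behaviour is an assumption about how pre-existing files should be handled. Run it from an elevated prompt.

```powershell
# Added example: create or update the four SmartConnect .exe.config files.
# Folder and file names are taken from the article; nothing else is assumed
# about the SmartConnect installation.
$folder = 'C:\Program Files (x86)\eOne Solutions\SmartConnect'
$names  = @(
    'eOne.SmartConnect.RunMapConsole.exe.config',
    'eOne.SmartConnect.UI.External.exe.config',
    'eOne.SmartConnect.WindowsService.exe.config',
    'eOne.SmartConnect.Config.exe.config'
)

foreach ($name in $names) {
    $path = Join-Path $folder $name
    $doc  = New-Object System.Xml.XmlDocument

    if (Test-Path -LiteralPath $path) {
        # Assumption: an existing file may hold other settings, so keep a
        # backup and merge into it rather than replacing it.
        $doc.Load($path)
        Copy-Item -LiteralPath $path -Destination "$path.bak" -Force
    } else {
        $doc.LoadXml('<configuration />')
    }

    # Find or create <configuration>/<runtime>/<enforceFIPSPolicy>.
    $config  = $doc.DocumentElement
    $runtime = $config.SelectSingleNode('runtime')
    if ($null -eq $runtime) {
        $runtime = $config.AppendChild($doc.CreateElement('runtime'))
    }
    $fips = $runtime.SelectSingleNode('enforceFIPSPolicy')
    if ($null -eq $fips) {
        $fips = $runtime.AppendChild($doc.CreateElement('enforceFIPSPolicy'))
    }
    $fips.SetAttribute('enabled', 'false')

    $doc.Save($path)
    Write-Output "Wrote $path"
}
```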

 

WCF Service

In the WCF Folder: C:\Program Files (x86)\eOne Solutions\wcf

The application pool for the service needs to be pointed to a different CLRConfigFile. By default, all application pools use the aspnet.config file, but we don’t want to change that one.

Create a new file named “AppPool.config”

The file should contain the following.

<?xml version="1.0" encoding="UTF-8" ?>
<configuration>
  <runtime>
    <legacyUnhandledExceptionPolicy enabled="false" />
    <legacyImpersonationPolicy enabled="true"/>
    <alwaysFlowImpersonationPolicy enabled="false"/>
    <SymbolReadingPolicy enabled="1" />
    <shadowCopyVerifyByTimestamp enabled="true"/>
    <enforceFIPSPolicy enabled="false" />
  </runtime>
  <startup useLegacyV2RuntimeActivationPolicy="true" />
</configuration>

 

After creating the file, it will need to be assigned to the Application Pool. There isn’t a setting for this available through the IIS GUI so we will need to do it using the CMD prompt.

Here is the command that will need to be run.

%windir%\System32\inetsrv\appcmd.exe set config -section:system.applicationHost/applicationPools /[name='SmartConnectWcf'].CLRConfigFile:"C:\Program Files (x86)\eOne Solutions\wcf\AppPool.config" /commit:apphost


ASP.NET Web Service

In the asmx folder: C:\Program Files (x86)\eOne Solutions\www

The application pool for the service needs to be pointed to a different CLRConfigFile. By default, all application pools use the aspnet.config file, but we don’t want to change that one.

Create a new file named “AppPool.config”

The file should contain the following.

<?xml version="1.0" encoding="UTF-8" ?>
<configuration>
  <runtime>
    <legacyUnhandledExceptionPolicy enabled="false" />
    <legacyImpersonationPolicy enabled="true"/>
    <alwaysFlowImpersonationPolicy enabled="false"/>
    <SymbolReadingPolicy enabled="1" />
    <shadowCopyVerifyByTimestamp enabled="true"/>
    <enforceFIPSPolicy enabled="false" />
  </runtime>
  <startup useLegacyV2RuntimeActivationPolicy="true" />
</configuration>

 

After creating the file, it will need to be assigned to the Application Pool. There isn’t a setting for this available through the IIS GUI so we will need to do it using the CMD prompt.

Here is the command that will need to be run.

%windir%\System32\inetsrv\appcmd.exe set config -section:system.applicationHost/applicationPools /[name='SmartConnect'].CLRConfigFile:"C:\Program Files (x86)\eOne Solutions\www\AppPool.config" /commit:apphost
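To confirm what was changed and keep a record of which components are exempt, the following added example (not from the original article) reports the machine-wide FIPS policy, lists every config file under the eOne Solutions folder that opts out of it, and shows the CLR config file assigned to the two application pools named above. The registry location is the standard Windows one for this policy; the parent folder is inferred from the paths in the article. Files that fail to parse are reported too, since a config file pasted with typographic quotes is not valid XML and will not take effect.

```powershell
# Added example: inventory the FIPS exemptions described in this article.
$root = 'C:\Program Files (x86)\eOne Solutions'   # parent of the folders named above

# Machine-wide policy: 1 = FIPS mode enabled, 0 = disabled.
$policy = Get-ItemProperty `
    -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy' `
    -Name Enabled -ErrorAction SilentlyContinue
Write-Output "Machine FIPS policy Enabled = $($policy.Enabled)"

# Per-application exemptions: any *.config with enforceFIPSPolicy enabled="false".
$report = Get-ChildItem -LiteralPath $root -Recurse -Filter *.config -File |
    ForEach-Object {
        $file = $_
        try {
            $xml = [xml](Get-Content -LiteralPath $file.FullName -Raw)
        } catch {
            # Not well-formed XML (for example, curly quotes around attribute values).
            return [pscustomobject]@{
                File = $file.FullName; Status = 'INVALID XML'; Modified = $file.LastWriteTime
            }
        }
        $node = $xml.SelectSingleNode('/configuration/runtime/enforceFIPSPolicy')
        if ($null -ne $node -and $node.GetAttribute('enabled') -eq 'false') {
            [pscustomobject]@{
                File = $file.FullName; Status = 'FIPS exempt'; Modified = $file.LastWriteTime
            }
        }
    }
$report | Format-Table -AutoSize

# Application pools: print the CLRConfigFile attribute set by the appcmd commands.
$appcmd = Join-Path $env:windir 'System32\inetsrv\appcmd.exe'
foreach ($pool in 'SmartConnectWcf', 'SmartConnect') {
    $clrConfig = & $appcmd list apppool $pool /text:CLRConfigFile
    Write-Output "$pool CLRConfigFile = $clrConfig"
}
```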
