icinga-powershell-framework icon indicating copy to clipboard operation
icinga-powershell-framework copied to clipboard
verified publisher icon Icinga

service install on windows server 2012 error on FIPS validated cryptographic algorithms

Open drapiti opened this issue 10 months ago • 2 comments

On a specific system we are expieriencing the following issue:

An error occurred during installation: Exception calling ".ctor" with "0" argument(s): "This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms."

The result is that the powershell service is not installed. (Running framework 1.13.2)

drapiti avatar Feb 03 '25 20:02 drapiti

This error sounds familiar from the past. Is this something that only occurred with 1.13.x or earlier versions as well?

LordHepipud avatar Feb 04 '25 15:02 LordHepipud

This error sounds familiar from the past. Is this something that only occurred with 1.13.x or earlier versions as well?

It's the first time I've seen it, and I think this server previously was running ok. So it should have to do with 1.13, but I'm not 100% sure of this. When I get the chance I can try an older framework on the same machine.

drapiti avatar Feb 04 '25 15:02 drapiti

Just checking back, I was able to bypass this problem by disabling the following policy setting: https://www.eonesolutions.com/help-article/this-implementation-is-not-part-of-the-windows-platform-fips-validated-cryptographic-algorithms/ I only found it on very few systems.

drapiti avatar Apr 11 '25 16:04 drapiti

I assume the issue happens because the service binary is evaluated with an MD5 file hash, to ensure it is the correct file instead of using SHA256 for example.

We will change the behavior of this with v1.14 and ship all available service binaries with a sh256 hash file as well and use sha256 for validation starting with v1.14

LordHepipud avatar Apr 22 '25 12:04 LordHepipud