I ran into an issue this week when testing VMware vCenter Configuration Manager (vCM). It turns out it does not play nicely when installed on 2008 R2 IIS Server that ALSO has the following GPO setup:

"System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing"

vCM runs on IIS, and when the server is forced to run FIPS-compliant, some of the internal vCM code must clash with IIS.

The fix is easy, of course. If it is defined in GPO, fix the GPO. If all you need is a quick fix, then you can change the following registry value from 1 to 0, then restart IIS.

HKLM\CurrentControlSet\Control\LSA\FipsAlgorithmPolicy: Enabled (change from 1 to 0)

Troubleshooting Links

Monday, March 11, 2013

Problems with IIS (when combined with FIPS GPO and VMware vCM)

"System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing"

vCM runs on IIS, and when the server is forced to run FIPS-compliant, some of the internal vCM code must clash with IIS.

The fix is easy, of course. If it is defined in GPO, fix the GPO. If all you need is a quick fix, then you can change the following registry value from 1 to 0, then restart IIS.

HKLM\CurrentControlSet\Control\LSA\FipsAlgorithmPolicy: Enabled (change from 1 to 0)