Forum Discussion
methenyr_60478
Nimbostratus
Oct 25, 2010
Licensing Wizard Error - FIPS
I am in the process of activating a license on our SCOM server, when I get to the screen to enter the License text from the F5 licensing site and select Next to move forward I get a popup error that s...
Julian_Balog_34
Oct 26, 2010
Historic F5 Account
The problem appears to be with the way the cryptographic services are set up in your environment. And the issue could be local to the SCOM server or could be controlled by a domain wide security policy. The error that you get is basically stating that the encryption algorithm attempted on the client side for communicating with the F5 Licensing Server is not standards based (Federal Information Processing Standards / FIPS compliant).
The F5 Management Pack Licensing Wizard (which is the client in the licensing scenario) attempts to create an MD5 hash of a local dossier file, created during the licensing/setup process, which is then sent out to the F5 Licensing Server for storing it with the license key. When the MD5 hash is being attempted by the Licensing Wizard, you get the FIPS compliance error, reported by the underlying .NET Framework libraries (on your local system). This problem occurs because the MD5 algorithm is not FIPS compliant.
We can try to troubleshoot this over a remote session (using GoToMeeting), or if you provide us more information about the error and your system settings, we can try to pinpoint the possible cause and suggest a fix / workaround. Most probably the workaround would be to DISABLE (temporarily) the FIPS compliant encryption algorithm requirement on your system.
Please check / provide the following information (you can send this information directly to managementpack(at)f5(dot)com):
- send us the setup.log file, in the %Program Files%\F5 Networks\Management Pack\log folder.
- run the SystemInformation.ps1 diagnostic script and send us the output (see this article: http://devcentral.f5.com/wiki/default.aspx/MgmtPack/GeneralTroubleshooting.html)
- check the following registry keys (if present and their values):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\Enabled (DWORD value): what is the value?
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\fipsalgorithmpolicy (DWORD value): what is the value?
(You should have either one or the other of these keys, depending on the Windows Server OS version.)
- check the FIPS compliance policy in your local security policy: gpedit > Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options > System Cryptography: Use FIPS compliant algorithms for encryption, hashing and signing.
My personal suggestion would be to disable (temporarily) the FIPS compliance policy, while you attempt to license the F5 product.
Let me know your thoughts.
Julian
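The registry and MD5 checks described in the reply above, gathered into one diagnostic script. This is an added example, not part of the original thread and not F5's SystemInformation.ps1; the function names are hypothetical, and it assumes Windows PowerShell running on the .NET Framework, where non-validated hash providers throw in their constructor when the FIPS policy is enforced.

```powershell
# Added example: read the two FIPS policy registry locations named in the reply,
# then show how the local .NET Framework reacts to MD5 versus a validated provider.
# Assumption: Windows PowerShell on the .NET Framework (not PowerShell 7 / .NET Core).

function Get-FipsRegistryValue {
    param([string]$Path, [string]$Name)
    # Returns the DWORD value, or $null when the key or the value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Test-HashProvider {
    param([string]$TypeName)
    # With the FIPS policy enforced, creating a non-validated provider fails
    # with an InvalidOperationException raised by the framework itself.
    try {
        $provider = New-Object -TypeName $TypeName -ErrorAction Stop
        $null = $provider.ComputeHash([byte[]](1, 2, 3))   # constructed sample input
        return 'allowed'
    } catch {
        return "blocked: $($_.Exception.GetBaseException().Message)"
    }
}

$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Newer layout: ...\Lsa\FipsAlgorithmPolicy\Enabled (DWORD)
$newStyle = Get-FipsRegistryValue -Path "$lsa\FipsAlgorithmPolicy" -Name 'Enabled'
# Older layout: ...\Lsa\fipsalgorithmpolicy (DWORD value directly under Lsa)
$oldStyle = Get-FipsRegistryValue -Path $lsa -Name 'fipsalgorithmpolicy'

foreach ($entry in @(
        @{ Label = 'Lsa\FipsAlgorithmPolicy\Enabled'; Value = $newStyle },
        @{ Label = 'Lsa\fipsalgorithmpolicy';         Value = $oldStyle })) {
    $state = if ($null -eq $entry.Value) { 'not present' }
             elseif ($entry.Value -eq 1) { '1 (FIPS policy enabled)' }
             else                        { "$($entry.Value) (FIPS policy disabled)" }
    Write-Output ("{0,-34} : {1}" -f $entry.Label, $state)
}

# MD5 is the algorithm the Licensing Wizard uses for the dossier hash.
Write-Output ("MD5CryptoServiceProvider  : " +
    (Test-HashProvider 'System.Security.Cryptography.MD5CryptoServiceProvider'))
# A CAPI-backed provider that stays usable under the FIPS policy, for comparison.
Write-Output ("SHA1CryptoServiceProvider : " +
    (Test-HashProvider 'System.Security.Cryptography.SHA1CryptoServiceProvider'))
```

If a registry value reads 0 but MD5 is still blocked, the setting may be reapplied by a domain policy, which matches the reply's point that the cause can be local or domain wide.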