Thursday, November 03, 2011 12:37 PM
I've installed MAP 6.0 at a client to do an assessment. When I run the Assessment Wizard it goes until I click Finish and disappears without starting the task or giving any feedback.
When I look at the log I see the following:
<2011-11-03 08:10:59.67 TID-1@InventoryService,I> Reset() - Resetting InventoryService.
<2011-11-03 08:10:59.97 TID-1@UICommonSingleton,E> An exception occurred in method: ConsoleWindow.StartAssessmentWizard
|Exception message: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
| at System.Security.Cryptography.SHA1Managed..ctor()
| at HashFunctions.HashString(String inputString)
| at Microsoft.AssessmentPlatform.InventoryEngine.WorkItems.CredentialPropertiesEx..ctor(CredentialProperties credProps)
| at Microsoft.AssessmentPlatform.InventoryEngine.InventoryService.AddComputerCredentialProperties(CollectorTechnology tech, List`1 computers, List`1 credprops)
| at Microsoft.AssessmentPlatform.UI.Console.Tasks.InventoryWorker.AddTechCompCredPropsToInventory(CollectorTechnology tech, IEnumerable`1 multiCredTechList, List`1 techProps, IInventoryService inventoryService, String loggingIntro)
| at Microsoft.AssessmentPlatform.UI.Console.Tasks.InventoryWorker.AddTechCompCredProps(CollectorTechnology tech, IInventoryService inventoryService)
| at Microsoft.AssessmentPlatform.UI.Console.Tasks.InventoryWorker.InitializeInventoryService(IInventoryService inventoryService)
| at Microsoft.AssessmentPlatform.UI.Console.Tasks.InventoryWorker..ctor()
| at Microsoft.AssessmentPlatform.UI.Console.InventoryWizard.ShowWizard(Control parent)
| at Microsoft.AssessmentPlatform.UI.Console.ConsoleWindow.StartAssessmentWizard(WizardType wizardType)
|Location of error report:
| at Microsoft.AssessmentPlatform.UI.Console.UICommonSingleton.LogGenericException(String methodName, Exception ex, Boolean displayToUser)
, and the file ends there. Note, I tried the 6.5 Beta and got the same error.
In researching, I found kb article 935434 (http://support.microsoft.com/kb/935434), but the hotfix is only for .NET 3.0.
As this is a client, I can't turn off FIPS, or really change anything about their setup. Is there a workaround I can try? Any suggestions would be appreciated.
Friday, November 04, 2011 7:34 PMModerator
The hotfix applies to the use of MD5 hashing and FIPS is complaining about the SHA1 algorithm so I don’t think the hotfix will help, but you could certainly try. Upon investigation, it looks like MAP uses a set of SHA1 classes that are no longer FIPS compliant. We are looking into what it would take to update the code to use the newer classes, but legacy support will play a part in that determination. The only workaround I can think of is to bring in a laptop or computer running MAP that isn’t subject to the FIPS requirement, but that probably violates the customer’s policies.
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
- Marked As Answer by Beckett6 Friday, November 04, 2011 7:52 PM
Thursday, August 02, 2012 2:44 PM
Just as a bit of information: this problem remains in the current version of the MAP Toolkit (7). Disabling "system cryptography: use FIPS compliant algorithms for encryption, hashing, and signing" enables MAP Toolkit to run to completion, and doesn't require a reboot to implement (that is, you can toggle the setting, run MAPT, and then return the setting to its original state without taking the scanning system down).
Pity this flaw remains extant. I don't think having the application fail silently (as opposed to at least warning the user and describing the nature of the credential storage problem) is satisfactory.
Friday, August 03, 2012 12:03 AMModeratorI agree that it shouldn't fail silently. I have opened a bug to see about generating an informative error message.
Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. Please VOTE as HELPFUL if the post helps you. This can be beneficial to other community members reading the thread.