I am trying to compile my program in visual studio and I am getting a FIPS Cryptographic algorithms error. I have checked the registry key and it is set to false.
Any suggestions?
Asked
Active
Viewed 7.4k times
4 Answers
37
I had a hard time with this too. Go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa. Under a subkey you should see FipsAlgorithmPolicy. DELETE this registry entry and restart visual studio.
James Wiseman
- 29,946
- 17
- 95
- 158
Robert
- 4,306
- 11
- 45
- 95
-
21I didn't DELETE anything. Just navigated into the FipsAlgorithmPolicy folder and changed the "Enabled" DWORD from 1 to 0 and it worked just fine. In the morning my computer crashed, then booted up and started installing updates, and prompted if I wanted to start windows normally. Not sure if it was the crash or the updates that got me. Thanks for the fix! – MikeTeeVee Aug 01 '13 at 09:35
-
3Delete or disable will work in your local PC, what happens when you're publishing or distributing the software? I think you should chose another cryptographic algorithm that is FIPS compliant – Adrian Salazar Feb 15 '14 at 12:07
-
1With deleting the key you probably won't get the error anymore. But it seems that afterwards the encrypting won't be FIPS compliant any more. May be, some other software needs this FIPS compliance. – marsh-wiggle Sep 17 '14 at 14:36
-
@boboes The key that is being deleted is not the correct FIPS compliance key. There is aother key at HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FIPS. This is the key that actually deals with the FIPS compliancy. – Robert Sep 17 '14 at 17:06
-
@robert: according to http://support.microsoft.com/kb/811833/en-us this key is responsible for the settings: HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled, at least for W2008 / W2008 R2 – marsh-wiggle Sep 18 '14 at 07:40
-
@boboes correct the one that I am suggesting you remove is two directories up. – Robert Sep 18 '14 at 12:08
-
I was able to set to 0 and not restart. If your company group policy refreshes upon restart the registry reverts. – mhijazi Aug 30 '16 at 15:02
21
You can fix this by adding <enforceFIPSPolicy enabled="false"/> under the runtime section in the .config files of:
- MSBuild (example path:
C:\Program Files (x86)\Microsoft Visual Studio\2017\Professional\MSBuild\15.0\Bin\MSBuild.exe.config) - Visual Studio (example path:
C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe.config)
Philippe
- 3,945
- 3
- 38
- 56
-
I prefer this answer since it is more generally applicable. The FIPS policy is usually configured by your organization and propagated via Active Directory. In this case, it should not be changed globally by editing the registry. – Jim Clark Apr 30 '21 at 14:01
5
My answer was to change the registry key from 1 to 0 here:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\fipsalgorithmpolicy
StayOnTarget
- 11,743
- 10
- 52
- 81
Icculus018
- 1,018
- 11
- 19
1
Question is a bit general. My more specific error:
AppContainer Creation Failed with error message NONE, state This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms
Microsoft explains and lists a workaround here:
Open Web.config Locate the system.web section
Add the key:
*<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="3DES" decryption="3DES"/>*
Save Web.Config, then iisreset from the command prompt.
Assumption is that company policy has set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\fipsalgorithmpolicy with a value of 1 (and of course, that IIS is running)
Would be nice to know why this effects the installation of Python and R on Windows SQL Server 2019.
StayOnTarget
- 11,743
- 10
- 52
- 81
Jamie
- 437
- 4
- 15