ZCM agent does not support the FIPS-140 encryption methods

  • 7006539
  • 30-Jul-2010
  • 16-Jun-2015

Environment

Novell ZENworks 10 Configuration Management with Support Pack 3 - 10.3 Content

Situation

Enabling the FIPS-compliant security setting on a device, either in the Local Security Policy or through Group Policy, causes the ZCM agent to fail when accessing HTTPS servlets on the server, for example when downloading content from a server.


Resolution

Working as designed. An enhancement request has been made.

Status

Reported to Engineering

Additional Information

The .NET classes currently used by the ZCM 10.x agent to download content to managed devices are not FIPS-140 compliant. FIPS-140 compliance requires .NET 3.5 APIs, which are being reviewed as a possibility for ZCM 11.
More information on FIPS-140 can be found at http://support.microsoft.com/kb/811833



If the FIPS policy shows "Disabled" yet the following registry key exists, see KB 7016055 "Getting FIPS Error in Bundle with FIPS Disabled" for resolution.

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]

"fipsalgorithmpolicy"=dword:00000001
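
To check a managed device for the mismatch described above, the following PowerShell sketch compares the registry value listed in this document with what .NET reports. It is an added example, not Novell code. The function names and the report field names are illustrative, and the script additionally reads the `FipsAlgorithmPolicy\Enabled` value, which is where Windows Vista and later store the same policy.

```powershell
# Added diagnostic example (not part of the original TID).
# Reports the FIPS policy state as seen in the registry and by .NET.

$lsa = 'HKLM:\System\CurrentControlSet\Control\Lsa'

function Get-RegDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-FipsState {
    # Value listed in this document (directly under the Lsa key).
    $legacy = Get-RegDword -Path $lsa -Name 'fipsalgorithmpolicy'
    # Value used by Windows Vista and later for the same policy.
    $current = Get-RegDword -Path "$lsa\FipsAlgorithmPolicy" -Name 'Enabled'
    # What the .NET runtime hosting this PowerShell session enforces.
    $dotnet = [System.Security.Cryptography.CryptoConfig]::AllowOnlyFipsAlgorithms

    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        LegacyLsaValue    = $legacy
        PolicyKeyEnabled  = $current
        DotNetFipsOnly    = $dotnet
        # Any of the three being set means the ZCM 10.x agent is expected
        # to fail on HTTPS content downloads, per this document.
        AgentImpacted     = ($legacy -eq 1) -or ($current -eq 1) -or $dotnet
        # Legacy value present while the policy key says disabled:
        # the case this document refers to KB 7016055.
        StaleLegacyValue  = ($legacy -eq 1) -and ($current -ne 1)
    }
}

$state = Get-FipsState
$state | Format-List

if ($state.StaleLegacyValue) {
    Write-Warning 'fipsalgorithmpolicy=1 under Lsa but policy is not enabled; see KB 7016055.'
} elseif ($state.AgentImpacted) {
    Write-Warning 'FIPS policy is enabled; ZCM 10.x agent HTTPS downloads are expected to fail.'
}
```

The script only reads the registry and changes nothing. Run it from an elevated or standard Windows PowerShell prompt on the managed device.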