ZCM agent does not support the FIPS-140 encryption methods

  • 7006539
  • 30-Jul-2010
  • 16-Jun-2015


Novell ZENworks 10 Configuration Management with Support Pack 3 - 10.3 Content


Enabling the FIPS compliant security setting either in the Local Security Policy or as part of Group Policy on a device causes the ZCM agent to fail when accessing HTTPS servlets on the server.  For example, when downloading content from a server.


Working as Designed.  Enhancement Request has been made.


Reported to Engineering

Additional Information

The Zen Agent's .NET classes currently in used by ZCM 10.x agent uses non-fips-140-compliant encryption classes to download content to managed devices. FIPS-140 requires .NET 3.5 APIs which is being reviewed as a possibility for ZCM 11.
More information on FIPS-140 can be found at http://support.microsoft.com/kb/811833

If the FIPS policy shows "Disabled" yet the following regkey exists, see KB 7016055 "Getting FIPS Error in Bundle with FIPS Disabled" for resolution.