Environment
Situation
During the installation of PlateSpin Migrate or Protect, the following error may be found in the PortabilitySuite_CustomActions.log file.
Error: System.Exception: Enforce FIPS enabled but the machine.config is missing the machineKey element
The above error "error running a custom action” is caused when FIPS security is enabled on the server, but the .NET machine.config file does not reflect this.
Resolution
To resolve this issue:
If FIPS encryption is NOT required, disable it from within the Local Security Policy or the registry.
1. From the Local Security Policy:
Local Policies à Security Options à System Cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing
2. From the registry:
HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy
• 1 = Enabled
• 0 = Disabled
If FIPS encryption is required in the environment, modify the existing machine.config file to reflect this.
1. Open machine.config within <WINDOWS FOLDER>\Microsoft.NET\ v2.0.50727>\CONFIG
2. Find the <system.web> tag
3. Add the following value within the <system.web> tag
<system.web>
:
<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="3DES" decryption="3DES"/>
:
</system.web>
4. Restart IIS
5. Retry the installation.