Install Error: System.Exception: Enforce FIPS enabled but the machine.config is missing the machineKey element

  • 7921041
  • 03-Mar-2008
  • 27-Apr-2012

Environment

PlateSpin Protect
PlateSpin Migrate  

Situation

 

During the installation of PlateSpin Migrate or Protect, the following error may be found in the PortabilitySuite_CustomActions.log file.

Error: System.Exception: Enforce FIPS enabled but the machine.config is missing the machineKey element

The above error "error running a custom action” is caused when FIPS security is enabled on the server, but the .NET machine.config file does not reflect this.

Resolution

To resolve this issue:

If FIPS encryption is NOT required, disable it from within the Local Security Policy or the registry.

1. From the Local Security Policy:

Local Policies à Security Options à System Cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing

2. From the registry:

HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy

           1 = Enabled

           0 = Disabled

If FIPS encryption is required in the environment, modify the existing machine.config file to reflect this.

1.    Open machine.config within <WINDOWS FOLDER>\Microsoft.NET\ v2.0.50727>\CONFIG

2.      Find the <system.web> tag

3.      Add the following value within the <system.web> tag

<system.web>

          :

            <machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="3DES" decryption="3DES"/>

          :

</system.web>

 

4.  Restart IIS

 

5.    Retry the installation.

 

 

Feedback service temporarily unavailable. For content questions or problems, please contact Support.