Monday, August 12, 2013

Deploying SCOM 2012 SP1 in FIPS Enabled Environment (pt1)

One of my earliest post on SCOM Installation checklist, on of the items to do is to check if the deployment environment is enabled with FIPS (Federal Information Processing Standards). (You can know more about FIPS here).

As time goes by, i stumbled upon yet another SCOM deployment where FIPS is enabled as part of the client’s security hardening. What i did was, to first install the SQL Server and Reporting Services, and then verifying that the SSRS webpage is accessible, before building up my SCOM servers. What was least expected, was the report page is completely blank. Set IE not to display any friendly error messages too, did not show any error on the page. i got stuck,  and after a few searching here and there, it might be due to the enabling of FIPS in the environment.

In order to know if FIPS is enabled, what we need to do is to launch the registry editor and locate the following key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\fipsalgorithmpolicy

If it is enabled, the value will be 1.

image

First, fix the SSRS blank page issue, you may want to browse <driver>:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\LogFiles. Open the log files and search for FIPS. If it is a FIPS related issue, you will see something similar like this.

image

 

 

 

When you see the error message above, do the following.

    1. In a text editor such as Notepad, open the Report Manager Web.config file which is located in the default path: <driver>:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportManager.
    2. In the Web.config file, locate the <system.web> section.
    3. Add the following <machineKey> section to in the <system.web> section:
      <machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="3DES" decryption="3DES"/>
    4. Save the Web.config file.
    5. Once done, restart the Reporting Services, and try to access the Reports page again, by now, you should be able to access the page.

 

1 comment:

  1. Emperor Casino | Online casino | Shootercasino
    The febcasino online casino is owned by the 카지노 Gila River Indian Community and operated by the Gila River Indian Community. It is located in the centre 제왕 카지노 of the Black Hawk

    ReplyDelete