Wednesday, October 22, 2008

FIPS and SharePoint

Hello SharePointers,

Well, one monkey off the back at long last. Way back in February 2008 we ran into a problem where SharePoint would not work when the "System Crptography: Use FIPS compliant algorithms for encryption, hashing and signing" AD security policy was set to Enabled. SharePoint would come up with "An unexpected error occurred", with some 6482 messages in the Event Logs.

Well, along came the August Cumulative Updates, which apparently resolved the issue. So I installed the CU's per the instructions here, enabled FIPS, and what do you know, it still didn't work, still got "An unexpected error occurred"!!!

Well, turns out that the fix for SharePoint indeed just disables logging of those 6482 error codes. In addition to those CU's, you still need to update the web.config for the SharePoint site, so that it tells .Net to use the encryption that FIPS requires. Which oddly enough doesn't seem to be as strong as the non-FIPS encryption, but then I'm no expert! Please see this article for the details on how to modify the machinekey setting to use the 3DES algorith. Good luck!!