Article number
000004388
Affected Versions
All
Source Hypervisor
All
Target Hypervisor
All

ZVM Service Stops And The Event Viewer message Contains “MD5CryptoServiceProvider”

Viewed 45 times

Root Cause

Zerto does not support Federal Information Processing Standard (FIPS).

Symptoms

The Zerto Virtual Manager service stops and the Windows Application event viewer log shows:

ZvmInitializer,<SetUnhandledExceptionEventHandler>b__66_0,Unhandled exception occurred,"System.Reflection.TargetInvocationException System.Object InvokeMethod(System.Object, System.Object[], System.Signature, Boolean) System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
at System.Security.Cryptography.MD5CryptoServiceProvider..ctor()

Solution

Steps to check if the FIPS is enabled / disabled

1.  Go to Start > Control Panel > Administrative tools > Local Security Policy. The Group Policy dialog appears.

2.  Under the "Local Policies" heading, select "Security Options" and look for the entry, "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing."

User-added image

If it is enabled please contact your group policy administrator to disable and then run gpupdate /force locally on the ZVM. 

FIPS Cryptography should now be disabled and Zerto Virtual Manager Service should start without issue.

** Microsoft's previous guidance had recommended a setting of Enabled, primarily to align with US Federal government recommendations. Windows security baselines recommend this setting be Not Defined, meaning that they leave the decision to customers. See Microsoft KB below.

https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing