ZVM Service Stops And The Event Viewer message Contains “MD5CryptoServiceProvider”

KB Number:
000001581

Symptoms:
The Zerto Virtual Manager service stops and the Windows Application event viewer log shows:

ZvmInitializer,<SetUnhandledExceptionEventHandler>b__66_0,Unhandled exception occurred,"System.Reflection.TargetInvocationException System.Object InvokeMethod(System.Object, System.Object[], System.Signature, Boolean) System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
at System.Security.Cryptography.MD5CryptoServiceProvider..ctor()

Cause:
Zerto does not support Federal Information Processing Standard (FIPS).

Solution:

Steps to check if the FIPS is enabled / disabled

1.  Go to Start > Control Panel > Administrative tools > Local Security Policy. The Group Policy dialog appears.

2.  Under the "Local Policies" heading, select "Security Options" and look for the entry, "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing."

User-added image

If it is enabled please contact your group policy administrator to disable and then run gpupdate /force locally on the ZVM. 

FIPS Cryptography should now be disabled and Zerto Virtual Manager Service should start without issue.

** Microsoft's previous guidance had recommended a setting of Enabled, primarily to align with US Federal government recommendations. Windows security baselines recommend this setting be Not Defined, meaning that they leave the decision to customers. See Microsoft KB below.

https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing


Affected Versions:
All

Hypervisor:
All

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...