Error: This Implementation is not part of the Windows Platform FIPS validate cryptographic algorithms

Error:

When trying to access my newly provision SharePoint 2019 central Administration Site, encounter the following error:

This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms

Windows FIPS Error Message

Root Cause:

FIPS stands for “Federal Information Processing Standards.” It’s a set of government standards that define how certain things are used in the government–for example, encryption algorithms. FIPS defines certain specific encryption methods that can be used, as well as methods for generating encryption keys. It’s published by the National Institute of Standards and Technology, or NIST.

The setting in Windows complies with the US government FIPS 140 standard. When it’s enabled, it forces Windows to only use FIPS-validated encryption schemes and advises applications to do so, as well.

“FIPS mode” doesn’t make Windows more secure. It just blocks access to newer cryptography schemes that haven’t been FIPS-validated. That means it won’t be able to use new encryption schemes, or faster ways of using the same encryption schemes. In other words, it makes your computer slower, less functional, and arguably less secure.

Reference: https://www.howtogeek.com/245859/why-you-shouldnt-enable-fips-compliant-encryption-on-windows/

Solution:

The FIPS compliant setting is forced via Group Policy.

Open Group Policy and navigate to:
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

FIPS Compliance Setting

Set the setting System cryptography: Use FIPS compliant algorithms for encryption, hashing and signing to Disabled.

Run a gpupdate /force on the server and you will now be able to access Central Admin (or whatever website you had this issue).

Web Site now working

Additional information can be found here – https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing

AutoSPInstaller Error – This content database requires upgrade

AutoSPInstaller is a great project that facilitates Automated SharePoint installation including Sharepoint 2010, 2013, 2016 and 2019.

Auto SP Installer provides a powerful way to deploy and configure a
single-server development environment to multiple-server SharePoint farm.

When creating the Web Application via AutoSPInstaller, the script failed because the content database required to be upgraded.

Error

New-SPWebApplication: This content database requires upgrade and could not be attached in this operation.

AutoSPInstaller Error – Content Database Requires Upgrade

Solution:

When the AutoSPInstaller failed earlier, it had initially created the Content database, but hadn’t finished configuring the database, hence the error.

Delete the Content Database from SQL Server and re-run the AutoSPInstaller script.

Error while powering on – The Intel VMX Unrestricted Guest feature is necessary

Rebuilt one of my ESXi hosts into a windows server with VMWare Workstation  (future HomeLab update post coming).

First server that I started to build and powered on I got the following error:

---

This host does not support virtualizing real mode. The Intel VMX Unrestricted Guest feature is necessary to run this virtual machine on an Intel processor.

Module CPUIDEarly power on failed.

---

The reason this is the case if that in Workstation 14, the system requirements changed meaning that old CPUs like mine

Go to C:\ProgramData\VMWare\VMWare Workstation and add the following setting to the config.ini file:

monitor.allowLegacyCPU = “true”

Close VMWare Workstation and now you will be able to start the Virtual Machine.

Error: Service Cannot Start HTTP, Could Not Register URL

Received the following SCOM Alert that a particular program would not start.

I tried to start the service manually but no luck.
I then checked the Event Logs while trying to start the service manually.

Found the following error:
Service Cannot Be Started. System.ServiceModel.AddressAccessDeniedException: HTTP could not register URL http://+:8731/TestService/. Your process does not have access right to this namespace — > System.Net.HttpListenerException: Access is denied.

Solution:
Run Command Prompt as Administrator and run the following command:

netsh http add urlacl url=http://+:8731/TestService/ user=TEST\svc_test_serviceaccount

You will get a message that URL reservation successfully added.

To view the urlacl, run

Netsh http show urlacl

Error – Change SQL Server Login Details Failed – Cannot Find Object or Property

Applicable To:
SQL Server 2008 R2
SQL Server 2012
SQL Server 2014

Recently tried to change a SQL Server service account details from Local System to a domain account as per best practices.
When I went to change the service account details I encountered the below issue:

 

 Solution:

 Grant the new SQL Server service account Full Control on the following folders:

C:\Program Files\Microsoft SQL Server\MSSQL.MSSQLServer\MSSQL\
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\

And grant full control to the registry key:

HKeyLocalMachine\System\CurrentControlSet\Services\WinSock2\Parameters