Wednesday, June 19, 2013

An Unexpected error has occurred (MOSS 2007)/FIPS issue

Finished an install of MOSS on a box and tried to bring up Central Admin. I received this most informative message!

An Unexpected error has occurred

Step 1:
First thing to do was to get the actual error message.
Tweak the web.config in WSS:
1.) Modify the web.config and set debug="false".

Note: Some blogs mention the workaround of disabling FIPS enforcement for the .NET runtime:
<configuration>
    <runtime>
        <enforceFIPSPolicy enabled="0" />
        <!-- or maybe ="false" -->
    </runtime>
</configuration>
The issue with that approach is that if you need FIPS compliance you can't simply turn the policy off.


Step 2:
Now I was getting the actual error - Unable to validate data. The application log listed Event ID 1309/Event Code 3005. The key was the validation error. This led me to a common error in our environment.

Issue:
Group Policy enforced on our servers sets the FIPS policy to 1
(HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\fipsalgorithmpolicy)

MOSS 2007 is built on version 2.0 of the Framework, which uses the RijndaelManaged implementation of the AES algorithm when it processes view state data. The RijndaelManaged implementation has not been certified by NIST as compliant with the Federal Information Processing Standard (FIPS). Therefore that AES implementation is not part of the Windows Platform FIPS validated cryptographic algorithms, and enforcing FIPS means that view state data in MOSS can't be decrypted properly.

Solution:

Modify the Machine.config file
1.) Open machine.config at %installdir%/microsoft.net/Framework/v2.0.50727/Config
2.) Locate <system.web>
3.) Add the following block
<machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps" validation="3DES" decryption="3DES"/>
4.) Save machine.config
5.) iisreset
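To check a server for the mismatch described above before (or after) applying the fix, here is an added PowerShell audit script; it is not part of the original post. It assumes the 2.0 machine.config lives under %windir%\Microsoft.NET\Framework\v2.0.50727\CONFIG and reads the FIPS registry value from both the Server 2003 location the post cites and the Lsa\FipsAlgorithmPolicy\Enabled location used by later Windows versions.

```powershell
# Added example: audit FIPS enforcement against the machineKey algorithms in machine.config.
param(
    # Assumed path of the .NET 2.0 machine.config (64-bit hosts also have a Framework64 copy).
    [string]$MachineConfig = "$env:windir\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config"
)

function Get-FipsPolicyEnabled {
    # Server 2003: DWORD 'fipsalgorithmpolicy' directly under Lsa (the path in the post).
    # Vista/2008 and later: Lsa\FipsAlgorithmPolicy\Enabled. Either being 1 means FIPS is enforced.
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $legacy = (Get-ItemProperty -Path $lsa -ErrorAction SilentlyContinue).fipsalgorithmpolicy
    $modern = (Get-ItemProperty -Path "$lsa\FipsAlgorithmPolicy" -ErrorAction SilentlyContinue).Enabled
    return (($legacy -eq 1) -or ($modern -eq 1))
}

function Get-MachineKeyAlgorithms {
    param([string]$Path)
    [xml]$cfg = Get-Content -Path $Path
    $mk = $cfg.configuration.'system.web'.machineKey
    # No explicit <machineKey> means the .NET 2.0 defaults apply: AES (RijndaelManaged) for decryption.
    if (-not $mk) { return $null }
    return [pscustomobject]@{ Validation = $mk.validation; Decryption = $mk.decryption }
}

$fips = Get-FipsPolicyEnabled
$mk   = Get-MachineKeyAlgorithms -Path $MachineConfig

if ($mk) { $mkText = "validation=$($mk.Validation) decryption=$($mk.Decryption)" }
else     { $mkText = '<absent, .NET 2.0 defaults>' }
Write-Host "FIPS policy enforced : $fips"
Write-Host "machineKey element   : $mkText"

# The failure mode from the post: FIPS on, but view state still handled by non-validated AES.
$compliant = $mk -and ($mk.Validation -eq '3DES') -and ($mk.Decryption -eq '3DES')
if ($fips -and -not $compliant) {
    Write-Warning "FIPS is enforced but machineKey is not 3DES/3DES; expect 'Unable to validate data' (Event ID 1309)."
    Write-Warning 'Fix per the post: add <machineKey ... validation="3DES" decryption="3DES"/> under <system.web>, then iisreset.'
}
```

Run it in an elevated PowerShell session on the MOSS server; the warning only fires when FIPS is enforced and the machineKey still relies on AES.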

1 comment:

You can modify the machine.config to disable FIPS but if you are in an organization which does not allow that then you need to tell the Framework to use another type of encryption.
