Channel: LANDESK User Community : Document List - All Communities

With FIPS enabled, no users can log in to Console


When users attempt to log in to Console, they get the following error:

 

'This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms'

 

FIPS encryption is enabled on the server.

 

SOLUTION

 

As FIPS is enabled on the server, the password algorithm must be changed before users can authenticate. This requires switching to SHA1 passwords for FIPS compliance.

 

There is a flag in the database that dictates which algorithm we use for password hashing (default is MD5, FIPS compliance requires SHA1). This flag can be changed manually via a SQL statement. All existing passwords will no longer be valid, as they are stored in the wrong hash format, so they all need to be reset to a SHA1 hash. Because both MD5 and SHA1 are one-way, we can't convert the existing passwords and must instead set them all to blank.

 

MAKING THIS SWITCH WILL RESET ALL PASSWORDS SO ONLY DO THIS IF THERE IS A BACKUP OF THE DATABASE OR YOU ARE SURE YOU DON'T NEED THE EXISTING PASSWORDS!

 

To switch to SHA1 and reset passwords:

 

UPDATE md_catalog SET md_password_hash_algorithm = 1

UPDATE tps_password SET tps_password = 'DA-39-A3-EE-5E-6B-4B-0D-32-55-BF-EF-95-60-18-90-AF-D8-07-09'

 

You would not normally want to go back to MD5 but this is how:

 

UPDATE md_catalog SET md_password_hash_algorithm = 0

UPDATE tps_password SET tps_password = 'D4-1D-8C-D9-8F-00-B2-04-E9-80-09-98-EC-F8-42-7E'
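
The two literal values in the statements above are the SHA1 and MD5 digests of the empty string, so every account has a blank password after the switch until it is reset. The Python below is an added example, not part of the original article or the product: it reproduces those values and audits an exported list of tps_password values for accounts that are still blank or whose hash length does not match the configured algorithm. The account names, the (account, hash) export layout and the sample rows are constructed assumptions.

```python
import hashlib

# Flag values for md_catalog.md_password_hash_algorithm, as given in the article.
ALGORITHMS = {0: "md5", 1: "sha1"}

def dashed_hex(digest: bytes) -> str:
    """Format a digest as dash-separated uppercase hex, the layout seen in tps_password."""
    return "-".join(f"{b:02X}" for b in digest)

def blank_hash(flag: int) -> str:
    """Digest of the empty password under the algorithm selected by the flag."""
    # usedforsecurity=False lets the MD5 comparison value be computed for audit only.
    return dashed_hex(hashlib.new(ALGORITHMS[flag], b"", usedforsecurity=False).digest())

def stored_format(value: str) -> str:
    """Infer the algorithm of a stored value from its byte count (16 = MD5, 20 = SHA1)."""
    parts = value.split("-")
    if all(len(p) == 2 and set(p) <= set("0123456789ABCDEF") for p in parts):
        return {16: "md5", 20: "sha1"}.get(len(parts), "unknown")
    return "unknown"

def audit(rows, flag):
    """Return (account, finding) pairs for blank passwords and wrong-format hashes."""
    blanks = {blank_hash(f) for f in ALGORITHMS}
    findings = []
    for account, value in rows:
        if value in blanks:
            findings.append((account, "blank password"))
        elif stored_format(value) != ALGORITHMS[flag]:
            findings.append((account, "hash does not match configured algorithm"))
    return findings

# Constructed sample export: account names are hypothetical, and the last two
# hashes are placeholders with SHA1 and MD5 lengths, not real digests.
SAMPLE_ROWS = [
    ("admin", "DA-39-A3-EE-5E-6B-4B-0D-32-55-BF-EF-95-60-18-90-AF-D8-07-09"),
    ("svc_report", "D4-1D-8C-D9-8F-00-B2-04-E9-80-09-98-EC-F8-42-7E"),
    ("jsmith", "-".join(["AB"] * 20)),
    ("legacy", "-".join(["CD"] * 16)),
]

if __name__ == "__main__":
    for account, finding in audit(SAMPLE_ROWS, flag=1):
        print(f"{account}: {finding}")
```

Run it against an export taken after the reset, with flag set to the current md_password_hash_algorithm value; any account still reported as blank has not yet been given a new password.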

