4,592 questions
FIPS must be disabled. SharePoint uses MD5 internally for fast hashing, but it does not use it for security purposes as MD5 is insecure.
SharePoint 2016 Configuration Failed: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 88%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
adil
1,431
Reputation points
Hi,I Prepared new SharePoint 2016 Test Server and when i run Configuration wizard in Updating SharePoint step it throws the following error:
This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
anyone has idea how to fix this issue and for SharePoint Server is below Security policy required to be enabled or disable? i checked in server it was Enable.
security policy 'System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing'
Microsoft 365 and Office | SharePoint Server | For business
Accepted answer
-
trevorseward 11,711 Reputation points2020-12-27T22:24:37.783+00:00 -
adil 1,431 Reputation points
2020-12-31T07:26:51.197+00:00 Hi Trevor thanks for your reply, as you said MDF is insecure ,if we disable for SharePoint Server is it not impact for Windows Server2019 Security or it cause any security vulnerability?
-
trevorseward 11,711 Reputation points
2020-12-31T19:32:39.977+00:00 With FIPS disabled, which is required for SharePoint Server, Windows will be able to leverage MD5 hash and any other insecure mechanism that FIPS disables.
-
Sign in to comment -
1 additional answer
Sort by: Most helpful
-
JoyZ 18,111 Reputation points
2020-12-28T02:25:00.9+00:00 Hi @adil ,
As trevor said, disable FIPS group policy then run PS Config again, here are steps to disable the group policy:
- Open Local Group Policy Editor (gpedit.msc).
- Click Computer Configuration> Windows Settings> Security Settings> Local Policies>Security Options.
- Scroll to 'System cryptography: Use FIPS compliant algorithms for encryption, hashing and signing' (this should not be enabled).
- Ensure the policy is DISABLED.
- Repeat on all Windows servers in your FARM which are affected.
- Perform IIS RESET.
- Verify the setting and ensure the policy is disabled.
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.