Description


When the WIN-911 FTAE Runtime receives an alarm from the FactoryTalk Alarms and Events server, it forwards the alarm to the Dispatcher module which then dispatches the alarm to the WIN-911 notifiers. When an alarm event passes from one module to another, it is serialized, which means it is possible for the alarm event to become corrupted.



Cause

This could be an issue, so to ensure data integrity, the FTAE Runtime uses the alarm event to create a SHA1 hash, which the Dispatcher can then use to verify the contents of the de-serialized alarm event.


You will also see this error in the Windows Event Viewer:



Application: WIN911.Source.FTAE.Runtime.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
at System.Security.Cryptography.SHA1Managed..ctor()
at WIN911.BusinessCore.Helpers.CryptoHelper..cctor()
Exception Info: System.TypeInitializationException
at WIN911.BusinessCore.Helpers.CryptoHelper.GetSHA1Hash(System.String)
at WIN911.BusinessCore.TypeBases.MobileObjectBase`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Hash()
at WIN911.Source.FTAE.Runtime.SourceConnection.DispatchEvent(System.Guid, WIN911.BusinessCore.MessageData.AlarmEvent)
at WIN911.Source.FTAE.Runtime.SourceConnection.Adapter_OnFTEvent(FTAdapter.FTEvent)
at FTAdapter.Adapter.raise_OnFTEvent(FTAdapter.FTEvent)
at <Module>.FTAdapter.?A0x068bbae3.Worker_DoWork(System.Object)
at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart(System.Object)



Diagnose

The issue is that FIPS was enabled on the server, which does not permit the SHA-1 algorithm. After FIPS was disabled, the SHA-1 algorithm was permitted and the module functioned as expected.
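To confirm this diagnosis on a given server before changing any policy, the following read-only PowerShell check can be used. It is an added example, not WIN-911 code; it assumes the Windows Server 2008 registry location listed in this article and that the crash is logged by the ".NET Runtime" provider as event ID 1026. The function names are hypothetical and the sample message is constructed from the trace above.

```powershell
# Added example: read-only checks, nothing is changed on the system.
# Registry path is the Windows Server 2008 location given in this article.
$fipsKey = 'HKLM:\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy'

function Get-FipsPolicyState {
    # Returns $true/$false from the "Enabled" value, or $null if it is absent.
    $p = Get-ItemProperty -Path $fipsKey -Name Enabled -ErrorAction SilentlyContinue
    if ($null -eq $p) { return $null }
    return [bool]$p.Enabled
}

function Test-FipsCrashSignature {
    # True when an event message matches the stack trace shown in this article.
    param([string]$Message)
    return ($Message -match 'WIN911\.Source\.FTAE\.Runtime\.exe') -and
           ($Message -match 'System\.InvalidOperationException') -and
           ($Message -match 'SHA1Managed\.\.ctor')
}

function Get-FipsCrashEvents {
    # Assumption: unhandled .NET Framework exceptions appear in the Application
    # log under provider ".NET Runtime", event ID 1026.
    param([int]$Days = 7)
    $filter = @{ LogName = 'Application'; ProviderName = '.NET Runtime'; Id = 1026
                 StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { Test-FipsCrashSignature $_.Message }
}

# Constructed sample built from lines of the trace in this article.
$sample = "Application: WIN911.Source.FTAE.Runtime.exe`n" +
          "Exception Info: System.InvalidOperationException`n" +
          "   at System.Security.Cryptography.SHA1Managed..ctor()"

$crashes = @(Get-FipsCrashEvents)
[pscustomobject]@{
    RegistryFipsEnabled = Get-FipsPolicyState
    # The flag the .NET Framework managed crypto classes consult.
    DotNetFipsOnly      = [System.Security.Cryptography.CryptoConfig]::AllowOnlyFipsAlgorithms
    SampleMatches       = Test-FipsCrashSignature $sample
    MatchingCrashCount  = $crashes.Count
    LastCrash           = ($crashes | Select-Object -First 1).TimeCreated
}
```

If RegistryFipsEnabled and DotNetFipsOnly are both True and MatchingCrashCount is greater than zero, the server matches the condition described in this article.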



Solution

You will need to disable FIPS in your environment.


To turn off FIPS Cryptography using the Local Policies, follow these steps:
- Press the key combination WINDOWS_KEY+R to launch the Run dialog.
- Type secpol.msc into the dialog and click OK.
- In the Local Security Policy Management Console window that opens, use the left pane to navigate to Local Policies > Security Options.
- Scroll down the right pane and double-click System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing.
- In the Properties window, select the Disabled option and click the Apply button.
- Close the Properties window by clicking OK.
- Close the Local Security Policy Management Console.


To turn off FIPS Cryptography using the Registry, follow these steps:

NOTE: Before making any changes to the Registry, you should back it up so you can restore the settings should something go wrong.

- Press the key combination WINDOWS_KEY+R to launch the Run dialog.
- Type regedit into the dialog and click OK.
- If running Windows Server 2008:
  a. Navigate to HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled.
  b. Change the value of this registry entry to 0 to disable it.
- If running Windows Server 2003 or Windows XP:
  a. Navigate to HKLM\System\CurrentControlSet\Control\FIPSAlgorithmPolicy.
  b. Change the value of the registry entry to 0 to disable it.



