DX Infrastructure Manager


Vmware-Unable to open probe configuration due to FIPS algorithm

  • 1.  Vmware-Unable to open probe configuration due to FIPS algorithm

    Posted 12-21-2018 02:18 AM

    Hi All,

     

    Whenever I try to open Vmware probe I am getting the below error.

    Have raised a tag with support and they suggested to disable FIPS algorithm from the server where we try to open the probe. Since enabling FIPS is mandatory from audit perspective, looking for alternate solution.

     

    Is there any option to avoid this issue?

     

    Have seen this article for ad_server probe. Can anything be added like this for vmware as well?

     

    https://communities.ca.com/ideas/235723277

     

    Regards,

    Usha



  • 2.  Re: Vmware-Unable to open probe configuration due to FIPS algorithm

    Posted 12-21-2018 08:59 AM

    The current GA releases of vmware probe do not support FIPS compliance. In order to get these probes to be FIPS compliant, they would have to be changed to add the FIPS Cryptography algorithm to the probes and then subject the probes to a full QA cycle to assure that the probes continue to work. FIPS support/compliance for the vmware probe or any other probe would be an enhancement request that can be submitted via the UIM User's forum, new ideas.

     

    An alternate option is to disable FIPS but it seems that is not feasible.

     

    https://support.microsoft.com/en-us/help/811833/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashi 

     

    Security Settings > Local Policies > Security Options > System cryptography: Set to Disabled.

     

    You may need to set these registry settings to 0 per above MS Article.

     

    HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled

    HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy

     

    Another customer found that downgrading the vmware probe from 6.x to a 4.x version to allow the probe to work under this scenario worked for them, but the feasibility of downgrading depends on what versions of vCenter you need to monitor.

     

    Steve