Managed by the FaxBack Support Team
This article applies to:
NET SatisFAXtion 8.7, 9.0
Fax Connector 9.x
Email Gateway 8.7, 9.0
OS:All


PROBLEM

A group policy change to enable FIPS (Federal Information Processing Standard) causes NET SatisFAXtion services to fail loading workflow processes.

Error text:
Workflow Host
Loading Export_Core: Compiling Export_Core: Exception: System.Exception: Compilation Errors:
error 348: Compilation failed. This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

at FaxBack.WorkflowEngine.FBWorkflowCompiler.CompileWorkflow(String xomlFile, String[] assemblyList, Boolean fromDesigner)
at FaxBack.WorkflowEngine.WorkflowService.EnsureWorkflowIsCompiled(WorkflowHandle wfh)
at FaxBack.WorkflowEngine.WorkflowService.Start(Boolean skipAutoRun)
at FaxBack.WorkflowEngine.WorkflowService.Start()
at FaxBack.NSWORKFLOWHOST..ctor(Object loader_callback_ptr)
at FaxBack.WorkflowEngine_INIT_OVERLAY.init_overlay(Object loader_callback_ptr, String cmd_line)

0xFFFFFFFF

Affected NET SatisFAXtion programs are:
  • NET SatisFAXtion 8.7, 9.0
  • NET SatisFAXtion Email Gateway 8.7, 9.0
  • AudioCodes Fax ATA Connector

CAUSE

Enabling FIPS finds a Microsoft .NET library from a Microsoft toolkit that's used in a shared library. It's used to scramble email account passwords before they are saved to XML, and to scramble product keys before being transmitted between the email gateway or Fax ATA Connector and NET SatisFAXtion or NET SatisFAXtion connection server.

SOLUTION

Exclusions need to be made for programs using the Microsoft .NET library. Download and run the NS-FIPSHotfix.exe where NET SatisFAXtion software is installed.

Running NS-FIPSHotfix.exe
The hotfix will update all programs if running on the same VM or iron machine. It is not necessary to stop any NET SatisFAXtion or AudioCodes services to run the hotfix, however if any services are currently not starting due to "FIPS validated cryptographic algorithms" , restart those services after running the hotfix. If run on Windows Server 2012, reboot the OS after running the hotfix.

If a problem is encountered running the hotfix, contact support@faxback.com

DOWNLOAD THE HOTFIX

Updated: 5-3-2017

What does the Hotfix do?

The hotfix adds "<enforeceFIPSPolicy enabled=false />" to each .config file for each service executable affected by FIPS, instructing FIPS to make an exception and allow loading.

<configuration>
<runtime>
<generatePublisherEvidence enabled="false" />
<enforeceFIPSPolicy enabled="false" />
<startup useLegacyV2RuntimeActivationPolicy="true"></startup>
</runtime>
</configuration>


.
Outside References about FIPS
http://blogs.technet.com/b/secguide/archive/2014/04/07/why-we-re-not-recommending-fips-mode-anymore.aspx

Copyright © FaxBack, Inc.