Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. OAB generation fails if FIPS is used in an Exchange Server 2013 environment

OAB generation fails if FIPS is used in an Exchange Server 2013 environment

View products that this article applies to.

Symptoms

Consider the following scenario:
  • You use Federal Information Processing Standards (FIPS) on an Offline Address Book (OAB) server in a Microsoft Exchange Server 2013 environment. You do this by running the following command in Exchange Management Shell (EMS):
    Set-ItemProperty -Path HKLM:\system\currentcontrolset\control\lsa\fipsalgorithmpolicy -name enabled -Value 1
  • You try to update the OAB.
In this scenario, the update fails. Additionally, an event ID 17004 that resembles the following is logged in the Application log:

↑ Back to the top

Resolution

To resolve this issue, install the following cumulative update:
2961810 Cumulative Update 6 for Exchange Server 2013

↑ Back to the top

Cause

This issue occurs because the managed SHA1 hash algorithm is used for the generation of the OAB file hash. However, the file hash is not FIPS compliant.

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top

More Information

For more information about FIPS, go to the following Microsoft website:
More information about the FIPS compliant algorithms
For more information about the Set-ItemProperty cmdlet, go to the following Microsoft website:
General information about the Set-ItemProperty cmdlet
For more information about the Update-OfflineAddressBook cmdlet, go to the following Microsoft website:
General information about the Update-OfflineAddressBook cmdlet

↑ Back to the top

Keywords: kbqfe, kbfix, kbexpertiseadvanced, kbsurveynew, kb

↑ Back to the top

Article Info
Article ID : 2974339
Revision : 1
Created on : 1/7/2017
Published on : 3/7/2016
Exists online : False
Views : 308