Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

The Get-FederatedDomainProof cmdlet fails in an Exchange Server 2010 SP1 environment


View products that this article applies to.

Symptoms

Consider the following scenario:
  • You create a federation trust between a Microsoft Exchange Server 2010 Service Pack 1(SP1) organization and Microsoft Federation Gateway.
  • The System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing security setting is enabled on the server that is running Exchange Server 2010 SP1.
  • You use the Get-FederatedDomainProof cmdlet to generate a cryptographically secure string for the domain.
In this scenario, the cmdlet fails, and you receive the following error message:

WARNING: An unexpected error has occurred and a Watson dump is being generated: Exception has been thrown by the target of an invocation.
Exception has been thrown by the target of an invocation.

Exception has been thrown by the target of an invocation.
+ CategoryInfo : NotSpecified: (:) [Get-FederatedDomainProof], TargetInvocationException
+ FullyQualifiedErrorId : System.Reflection.TargetInvocationException,Microsoft.Exchange.Management.SystemConfigur
ationTasks.GetFederatedDomainProof

Additionally, the following event is logged on the Exchange Server 2010 SP1 server:


↑ Back to the top


Cause

This issue occurs because the cryptographic algorithm that is used to calculate the hash value of a domain name is not a U.S. Federal Information Processing Standards (FIPS)-certified cryptographic algorithm.

↑ Back to the top


Resolution

To resolve this issue, install the following update rollup:
2661854 Description of Update Rollup 2 for Exchange Server 2010 Service Pack 2

↑ Back to the top


Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top


More Information

For more information about the System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing security setting is , click the following article number to view the article in the Microsoft Knowledge Base:
811833 System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing
For more information about how to create a federation trust, visit the following Microsoft website:
For more information about the Get-FederatedDomainProof cmdlet, visit the following Microsoft website:
For more information about FIPS-compliant algorithms, visit the following Microsoft website:

↑ Back to the top


Keywords: kbqfe, kbfix, kbsurveynew, kbexpertiseinter, kb

↑ Back to the top

Article Info
Article ID : 2644920
Revision : 1
Created on : 1/7/2017
Published on : 4/16/2012
Exists online : False
Views : 379