Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

You cannot use Outlook Web App after you enable the "System cryptography: Use FIPS algorithms for encryption, hashing and signing" security policy on an Exchange Server 2010 server


View products that this article applies to.

Symptoms

When you use Microsoft Outlook Web App to access your mailbox on Microsoft Exchange Server 2010, you receive the following Error message on the Outlook Web App page:
Exception
Exception type: System.TypeInitializationException
Exception message: The type initializer for 'Microsoft.Exchange.Data.Storage.GccUtils' threw an exception.

Call stack
----------

Microsoft.Exchange.Data.Storage.GccUtils.SetStoreSessionClientIPEndpointsFromHttpRequest(StoreSession session, HttpRequest httpRequest) 
Microsoft.Exchange.Clients.Owa.Core.OwaWindowsIdentity.CreateMailboxSession(ExchangePrincipal exchangePrincipal, CultureInfo cultureInfo, HttpRequest clientRequest) 
Microsoft.Exchange.Clients.Owa.Core.UserContext.CreateMailboxSession(OwaContext owaContext) 
Microsoft.Exchange.Clients.Owa.Core.UserContext.Load(OwaContext owaContext) 
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.CreateUserContext(OwaContext owaContext, UserContextKey userContextKey, UserContext& userContext) 
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.PrepareRequestWithoutSession(OwaContext owaContext, UserContextCookie userContextCookie) 
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.InternalDispatchRequest(OwaContext owaContext) 
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchRequest(OwaContext owaContext) 
Microsoft.Exchange.Clients.Owa.Core.OwaModule.OnPostAuthorizeRequest(Object sender, EventArgs e) 
System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() 
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Inner Exception:
------------------
Exception type: System.Reflection.TargetInvocationException
Exception message: Exception has been thrown by the target of an invocation.

Call stack:
----------
System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) 
System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) 
System.Security.Cryptography.CryptoConfig.CreateFromName(String name, Object[] args) 
System.Security.Cryptography.SHA256.Create() 
Microsoft.Exchange.Data.Storage.DatacenterServerAuthentication..ctor() 
Microsoft.Exchange.Data.Storage.GccUtils..cctor()

Inner Exception
Exception type: System.InvalidOperationException
Exception message: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

Call stack

System.Security.Cryptography.SHA256Managed..ctor()

Additionally, you may receive the following event in the Application log:
Log Name:      Application
Source:        MSExchange Common
Date:          10/5/2009 4:08:36 PM
Event ID:      4999
Task Category: General
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Contoso
Description:
Watson report about to be sent for process id: 4092, with parameters: E12IIS, c-RTL-AMD64, 14.00.0639.020, OWA, mscorlib, S.S.C.SHA256Managed..ctor, System.TypeInitializationException, 7d8c, 02.00.50727.4016.
ErrorReportingEnabled: True

↑ Back to the top


Cause

This problem occurs when you enable the System cryptography: Use FIPS algorithms for encryption, hashing and signing security policy on an Exchange Server 2010 server that has Client Access Server role installed.

↑ Back to the top


Resolution

To work around this issue, disable the System cryptography: Use FIPS algorithms for encryption, hashing and signing security policy by using the Gpedit.msc tool for local security policy and the Gpmc.msc tool for domain security policy.

↑ Back to the top


Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top


Keywords: KB977961, kbtshoot, kbexpertiseinter, kbsurveynew

↑ Back to the top

Article Info
Article ID : 977961
Revision : 2
Created on : 12/18/2009
Published on : 12/18/2009
Exists online : False
Views : 289