Hello people,
Good night!
In this post I will comment on some of the difficulties I faced in a BI industry project in the company I work for, where we decided to implement the recently launched Microsoft Reporting Services 2016 (which incorporated Datazen, acquired by Microsoft) for the provision of reports, dashboards, KPIs. and Sales and Billing dashboards via the internet, without the need to connect to a VPN, but using Active Directory authentication.
One of the big gains this project will bring to the company is the ability to view this information on web devices (Chrome, Firefox, Internet Explorer and any other browser), Tablets and mobile devices (iOS and Android).
For the implementation of the required framework, the DBA Tiago Neves performed the installation and configuration of SQL Server 2016 + Reporting Services and made the environment available to the BI team. However, when trying to publish any report using SQL Server Mobile Report Publisher, the following error message was generated:
Could not save report. Something went wrong. Try again later
As you can see, this error message is very generic and does not help much in identifying and solving the problem. So, me, Tiago and DBA Caroline, we started analyzing the Reporting Services log files, which are usually located in “C: \ Program Files \ Microsoft SQL Server \MSRS13.YourInstance\ Reporting Services \ LogFiles ”, we found the following error message:
System.Reflection.TargetInvocationException Exception has been thrown by the target of an invocation. - System.InvalidOperationException This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
With this message we were able to understand what was really happening: The server had FIPS data encryption settings enabled, and Reporting Services by default does not support this configuration, as we can read on a Microsoft blog: “This is happening because FIPS is enabled on the Reporting Services server and Report Manager does not support the Local Security Policy 'System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing' ”(source here).
We talked to the company security analyst and he advised us not to disable this setting on the server due to a company security policy.
Disabling FIPS
For testing purposes only, and in the Development environment, we disabled FIPS and Reporting Services behaved normally, allowing us to save and publish reports without any problems.
To disable this setting, simply access the Windows registry, find the “HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ Lsa \ fipsalgorithmpolicy” setting and change the “Enabled” key to 0.
After that, restart the Reporting Services service and SQL Server Mobile Report Publisher will function normally.
Resolving the problem without disabling FIPS
Since we could not change this setting on the servers, we need to look for another solution to solve this problem. After much research, James found a solution in the Technet Forumwhere you need to change the file machine.config .NET Server Framework (Usually located at C: \ Windows \ Microsoft.NET \ Framework64 \ v4.0.30319 \ Config) and add the following setting to the end of the file:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
<mscorlib> <cryptographySettings> <cryptoNameMapping> <cryptoClasses> <cryptoClass SHA256CSP="System.Security.Cryptography.SHA256CryptoServiceProvider, System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" /> </cryptoClasses> <!-- name mappings --> <nameEntry name="SHA256" class="SHA256CSP" /> <nameEntry name="SHA256CryptoServiceProvider" class="SHA256CSP" /> <nameEntry name="System.Security.Cryptography.SHA256CryptoServiceProvider" class="SHA256CSP" /> <nameEntry name="System.Security.Cryptography.SHA256" class="SHA256CSP"/> </cryptoNameMapping> </cryptographySettings> </mscorlib> |
This configuration basically forces the .NET Framework, used by the SQL Server Mobile Report Publisher tool, to use the SHA256 encryption algorithm instead of FIPS, which has been incompatible with Reporting Services since the 2005 release.
I recommend creating a backup of this file before editing it. After editing the file, simply restarting the Reporting Services service will cause SQL Server Mobile Report Publisher to function normally, without disabling instance FIPS.
Another solution to this problem is by following the steps in the post. SQL Server - How to encrypt and decrypt passwords (with Salt) using CLR (C #), where I came across this error message when using algorithms not compliant with FIPS standards in SQL Server using CLR (C #).
I hope you enjoyed this post that I made in conjunction with the Tiago Neves Until next post!
Hug!
System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
