Error in Encryption Desktop log when FIPS 140-2 operational and integrity checks are enabled

book

Article ID: 163582

calendar_today

Updated On:

Products

Encryption Desktop Powered by PGP Technology Encryption Management Server Encryption Management Server Powered by PGP Technology Desktop Email Encryption Desktop Email Encryption, Powered by PGP Technology File Share Encryption File Share Encryption Powered by PGP Technology

Issue/Introduction

Symantec Encryption Desktop 10.4 displays a popup with an error message after enabling FIPS 140-2 operational and integrity checks.

To enable FIPS 140-2 operational and integrity checks from the Encryption Management Server administration console, do the following:

  1. Navigate to Consumers / Consumer Policy.
  2. Click on the name of the policy you wish to modify.
  3. Click on the Symantec Encryption Desktop button.
  4. In the General tab, enable Activate FIPS 140-2 operational and integrity checks and click Save.

To enable FIPS 140-2 operational and integrity checks on a standalone client do the following:

  1. Open Symantec Encryption Desktop.
  2. Select Tools / Options from the main menu.
  3. In the Advanced tab, enable the option Activate FIPS 140-2 operational and integrity checks and save.

In about 30 seconds a popup appears stating:

"FIPS 140-2 integrity check failed (err=-11446)"

Cause

Symantec Encryption Desktop 10.4 and above operate in FIPS mode automatically.  Enabling the option for FIPS mode causes this error.

Environment

  • Symantec Encryption Desktop 10.4.
  • Symantec Encryption Management Server 3.4.

Resolution

Upgrade to Encryption Management Server 3.4.1 MP1 or above and Encryption Desktop 10.4.1 MP1 or above.

Note that enabling the option Activate FIPS 140-2 operational and integrity checks is not necessary in Encryption Desktop 10.4 and above because FIPS 140-2 operational and integrity checks are enabled by default.

See article 178330 for more information on which products are currently FIPS 140-2 validated.