Symantec Encryption Desktop 10.4 displays a popup with an error message after enabling FIPS 140-2 operational and integrity checks.

To enable FIPS 140-2 operational and integrity checks from the Encryption Management Server administration console, do the following:

1. Navigate to Consumers / Consumer Policy.
2. Click on the name of the policy you wish to modify.
3. Click on the Symantec Encryption Desktop button.
4. In the General tab, enable Activate FIPS 140-2 operational and integrity checks and click Save.

To enable FIPS 140-2 operational and integrity checks on a standalone client do the following:

1. Open Symantec Encryption Desktop.
2. Select Tools / Options from the main menu.
3. In the Advanced tab, enable the option Activate FIPS 140-2 operational and integrity checks and save.

In about 30 seconds a popup appears stating:

"FIPS 140-2 integrity check failed (err=-11446)"

Symantec Encryption Desktop 10.4 and above operate in FIPS mode automatically.  Enabling the option for FIPS mode causes this error.

• Symantec Encryption Desktop 10.4.
• Symantec Encryption Management Server 3.4.

Upgrade to Encryption Management Server 3.4.1 MP1 or above and Encryption Desktop 10.4.1 MP1 or above.

Note that enabling the option Activate FIPS 140-2 operational and integrity checks is not necessary in Encryption Desktop 10.4 and above because FIPS 140-2 operational and integrity checks are enabled by default.

See article 178330 for more information on which products are currently FIPS 140-2 validated.