When clicking the Advanced button on a Deploy Image task you receive an error stating a critical error has occurred on this page
search cancel

When clicking the Advanced button on a Deploy Image task you receive an error stating a critical error has occurred on this page

book

Article ID: 220914

calendar_today

Updated On:

Products

Deployment Solution IT Management Suite

Issue/Introduction

You may have imported a Deployment Image task from one server to another.  When you click on the Advanced button, you receive the following error: 

A critical error has occurred on this page.  Check the Altiris logs for more information.

In addition you may not be able to use this task to deploy the image you have assigned it to.  When you attempt to do so, nothing happens on the endpoint.

When viewing the logs on the server you should see the following error:

Unhandled error

Legacy encryption is not supported in FIPS mode.
   [Altiris.NS.Exceptions.NSComException @ Altiris.NS]
   at Altiris.NS.Security.Cryptography.SymmetricKeyInfo.EncryptedData.GetLegacyAlgorithm(SymmetricKeyInfo keyInfo)
   at Altiris.NS.Security.Cryptography.SymmetricKeyInfo.EncryptedData.GetSymmetricAlgorithm(SymmetricKeyInfo keyInfo)
   at Altiris.NS.Security.Cryptography.SymmetricKeyInfo.GetAlgorithm(Byte[] encryptedData, Int32& headerSize, Int32& encryptedBufferSize)
   at Altiris.NS.Utilities.BasicCrypto.Decrypt(Byte[] encryptedData, SymmetricKeyInfo keyInfo)
   at Altiris.NS.Utilities.BasicCrypto.DecryptStringFromBase64String(String encryptedData, SymmetricKeyInfo keyInfo)
   at Altiris.Deployment.Common.Security.Transmogrify.DSDecryptStringFromBase64String(String input)
   at Altiris.Deployment.Common.DataClass.DeploymentCredentialData.Load(Guid credentialGuid)
   at Altiris.Deployment.DeploymentCredentialControl.set_CredentialGuid(Guid value)
   at Altiris.Deployment.ImageDeployHttpImagingAdvancedEditCtrl.SetInitialValues()
   at Altiris.Deployment.ImageDeployHttpImagingAdvancedEditCtrl.ImageDeployHttpImagingAdvancedEditCtrl_Load(Object sender, EventArgs e)
   at System.Web.UI.Control.OnLoad(EventArgs e)
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

COM Exception errcode: 0x8007700E

Exception logged from: 
   at Altiris.TaskManagement.UI.AltirisPageInstanceCachePage.OnAltirisPageInstanceCachePageError(Object, EventArgs)
   at System.Web.UI.TemplateControl.OnError(EventArgs)
   at System.Web.UI.Page.HandleError(Exception)
   at System.Web.UI.Page.ProcessRequestMain(Boolean, Boolean)
   at System.Web.UI.Page.ProcessRequest(Boolean, Boolean)
   at System.Web.UI.Page.ProcessRequest()
   at System.Web.UI.Page.ProcessRequest(System.Web.HttpContext)
   at Altiris.NS.UI.Controls.PageCachePage.ProcessRequest(System.Web.HttpContext)
   at Altiris.NS.UI.AltirisPage.ProcessRequest(System.Web.HttpContext)
   at System.Web.HttpApplication+CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStepImpl(System.Web.HttpApplication+IExecutionStep)
   at System.Web.HttpApplication.ExecuteStep(System.Web.HttpApplication+IExecutionStep, Boolean&)
   at System.Web.HttpApplication+PipelineStepManager.ResumeSteps(Exception)
   at System.Web.HttpApplication.BeginProcessRequestNotification(System.Web.HttpContext, AsyncCallback)
   at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(System.Web.Hosting.IIS7WorkerRequest, System.Web.HttpContext)
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr, IntPtr, IntPtr, Int32)
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr, IntPtr, IntPtr, Int32)
   at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr, System.Web.RequestNotificationStatus&)
   at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr, System.Web.RequestNotificationStatus&)
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr, IntPtr, IntPtr, Int32)
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr, IntPtr, IntPtr, Int32)

Environment

ITMS 8.x

DS 8.x

Cause

In this particular situation FIPS had been enabled on the SMP server that the DS task was imported into.  The originating server may or may not have FIPS enabled.

When exporting a Deployment Solution task from an SMP server, and the task contains credentials, this is encrypted with the FIPS compliant key that is unique for each SMP server. When you import this task on another SMP, you have two situations:

  1. FIPS ON: you press Advanced button - credentials can't be decrypted with FIPS key (SMP does not have it) and SMP throws exception since it will not try to decrypt it using legacy key. That's why you see the failure in console.
  2. FIPS OFF: you press Advanced button - credentials can't be decrypted with FIPS key (SMP does not have it) and SMP/DS decrypts it with legacy key. 

Resolution

The solution is to synchronize encryption keys between servers. On the originating SMP server go to Settings->Notification Server->Notification Server Settings (last tab) and export the encryption keys. This will create an XML file. Then from the same SMP Console location on the receiving SMP server import the exported XML file. After doing this you will be able to correctly process the imported tasks.

Another option is to consider if you really need to have FIPS enabled on the receiving SMP.  If not, simply disable it.