When clicking the advanced button on a deploy image task you receive an error stating a critical error has occurred on this page

book

Article ID: 220914

calendar_today

Updated On:

Products

Deployment Solution IT Management Suite

Issue/Introduction

You may have imported a deployment image task from one server to another.  When you click on the Advanced button, you receive the following error:  A critical error has occurred on this page.  Check the Altiris logs for more information.

In addition you may not be able to use this task to deploy the image you have assigned it to.  When you attempt to do so, nothing happens on the endpoint.

When viewing the logs on the server you should see the following error:

Unhandled error

Legacy encryption is not supported in FIPS mode.
   [Altiris.NS.Exceptions.NSComException @ Altiris.NS]
   at Altiris.NS.Security.Cryptography.SymmetricKeyInfo.EncryptedData.GetLegacyAlgorithm(SymmetricKeyInfo keyInfo)
   at Altiris.NS.Security.Cryptography.SymmetricKeyInfo.EncryptedData.GetSymmetricAlgorithm(SymmetricKeyInfo keyInfo)
   at Altiris.NS.Security.Cryptography.SymmetricKeyInfo.GetAlgorithm(Byte[] encryptedData, Int32& headerSize, Int32& encryptedBufferSize)
   at Altiris.NS.Utilities.BasicCrypto.Decrypt(Byte[] encryptedData, SymmetricKeyInfo keyInfo)
   at Altiris.NS.Utilities.BasicCrypto.DecryptStringFromBase64String(String encryptedData, SymmetricKeyInfo keyInfo)
   at Altiris.Deployment.Common.Security.Transmogrify.DSDecryptStringFromBase64String(String input)
   at Altiris.Deployment.Common.DataClass.DeploymentCredentialData.Load(Guid credentialGuid)
   at Altiris.Deployment.DeploymentCredentialControl.set_CredentialGuid(Guid value)
   at Altiris.Deployment.ImageDeployHttpImagingAdvancedEditCtrl.SetInitialValues()
   at Altiris.Deployment.ImageDeployHttpImagingAdvancedEditCtrl.ImageDeployHttpImagingAdvancedEditCtrl_Load(Object sender, EventArgs e)
   at System.Web.UI.Control.OnLoad(EventArgs e)
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

COM Exception errcode: 0x8007700E

Exception logged from: 
   at Altiris.TaskManagement.UI.AltirisPageInstanceCachePage.OnAltirisPageInstanceCachePageError(Object, EventArgs)
   at System.Web.UI.TemplateControl.OnError(EventArgs)
   at System.Web.UI.Page.HandleError(Exception)
   at System.Web.UI.Page.ProcessRequestMain(Boolean, Boolean)
   at System.Web.UI.Page.ProcessRequest(Boolean, Boolean)
   at System.Web.UI.Page.ProcessRequest()
   at System.Web.UI.Page.ProcessRequest(System.Web.HttpContext)
   at Altiris.NS.UI.Controls.PageCachePage.ProcessRequest(System.Web.HttpContext)
   at Altiris.NS.UI.AltirisPage.ProcessRequest(System.Web.HttpContext)
   at System.Web.HttpApplication+CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStepImpl(System.Web.HttpApplication+IExecutionStep)
   at System.Web.HttpApplication.ExecuteStep(System.Web.HttpApplication+IExecutionStep, Boolean&)
   at System.Web.HttpApplication+PipelineStepManager.ResumeSteps(Exception)
   at System.Web.HttpApplication.BeginProcessRequestNotification(System.Web.HttpContext, AsyncCallback)
   at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(System.Web.Hosting.IIS7WorkerRequest, System.Web.HttpContext)
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr, IntPtr, IntPtr, Int32)
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr, IntPtr, IntPtr, Int32)
   at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr, System.Web.RequestNotificationStatus&)
   at System.Web.Hosting.UnsafeIISMethods.MgdIndicateCompletion(IntPtr, System.Web.RequestNotificationStatus&)
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotificationHelper(IntPtr, IntPtr, IntPtr, Int32)
   at System.Web.Hosting.PipelineRuntime.ProcessRequestNotification(IntPtr, IntPtr, IntPtr, Int32)

 

Cause

In this particular situation FIPS has been enabled on the SMP server that you have imported the DS task into.  The originating server may or may not have FIPS enabled.

When you export a Deployment Solution task from an SMP server, and this task contains credentials, this is encrypted with FIPS compliant key that is unique for each SMP server. When you import this task on some other SMP, you have two situations:

  1. FIPS ON: you press Advanced button - credentials can't be decrypted with FIPS key (SMP does not have it) and SMP throws exception since it will not try to decrypt it using legacy key. That's why you see failure in console.
  2. FIPS OFF: you press Advanced button - credentials can't be decrypted with FIPS key (SMP does not have it) and SMP/DS decrypts it with legacy key. 

 

Environment

Release: 8.X

Resolution

The solution here is to synchronize encryption keys between servers. On the originating SMP server got to Settings->Notification Server->Notification Server Settings (last tab) and export encryption keys. It will create an XML. Then from the same dialog on the receiving SMP server import exported XML. After this you will be able to correctly process imported tasks.

Another option is to consider if you really need to have FIPS enabled on the receiving SMP.  If not, simply disable it.

Attachments