Otdfbt

Were Alexander the Great and Hephaestion lovers?

How to deal with apathetic co-worker?

What is the highest possible temporary AC at level 1, without any help from others?

Inward extrusion is not working

Project Euler #7 10001st prime in C++

This riddle is not to see but to solve

Would the US government be able to hold control if all electronics were disabled for an indefinite amount of time?

Can U.S. Tax Forms Be Legally HTMLified?

C++ Arduino IDE receiving garbled `char` from function

How to tell your grandparent to not come to fetch you with their car?

Is it a problem if <h4>, <h5> and <h6> are smaller than regular text?

Why did the Herschel Space Telescope need helium coolant?

Prime Sieve and brute force

Is counterpoint still used today?

Motivation - or how can I get myself to do the work I know I need to?

How Often Do Health Insurance Providers Drop Coverage?

Why didn't Voldemort recognize that Dumbledore was affected by his curse?

How to forge a multi-part weapon?

What is the actual quality of machine translations?

Taxi Services at Didcot

Are there any important biographies of nobodies?

Second (easy access) account in case my bank screws up

What is the highest possible permanent AC at character creation?

Passing multiple files through stdin (over ssh)

FIPS 140-2 on Windows 2012R2 with SQL 2014

FIPS “single-user mode” requirement in Microsoft WindowsRequirements for hosting a FIPS 140-2 level 1 applicationSQL 2012 -> SQL 2014 upgrade failureSQL Express Reporting Server 2014SQL Server Express 2014, Windows Authentication problemsAdvice about scaling out IIS and SQL Server 2014 on Windows Server 2012R2Group Policy Preferences item-level targeting propagationSQL Server 2014 - localhost port?Resolving FIPS Compliance Issues with Oracle 11gTest FIPS Enabled

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;

1

I'm attempting to set my Microsoft SQL 2014 instance to use FIPS 140-2 complaint encryption as described in this KB article for SQL 2012, but it does not appear to be working. I do not see "FIPS" anywhere in the SQL service error logs. I set the FIPS option using the local security policy System cryptography: Use FIPS 140 compliant cryptographic algorithms, including encryption, hashing and signing algorithms.

As an aside, I tried setting the same policy via GPO security policy, but the security option did not change the computer's registry key of HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaFipsAlgorithmPolicyEnabled even though GPresults showed it being applied. I don't know if that's a hint or just another oddity. The GPO security policy did apply after two reboots.

I know Microsoft has come out recently about FIPS not being a necessity, but I need to be able to test an app soup-to-nuts with FIPS enabled on the DB.

Any ideas on how to force FIPS on the SQL instance?

sql-server fips-140-2

share|improve this question

edited Mar 3 '15 at 8:07

BrianCanFixIT

asked Mar 3 '15 at 7:58

BrianCanFixITBrianCanFixIT

2017

add a comment | 

1

I'm attempting to set my Microsoft SQL 2014 instance to use FIPS 140-2 complaint encryption as described in this KB article for SQL 2012, but it does not appear to be working. I do not see "FIPS" anywhere in the SQL service error logs. I set the FIPS option using the local security policy System cryptography: Use FIPS 140 compliant cryptographic algorithms, including encryption, hashing and signing algorithms.

As an aside, I tried setting the same policy via GPO security policy, but the security option did not change the computer's registry key of HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaFipsAlgorithmPolicyEnabled even though GPresults showed it being applied. I don't know if that's a hint or just another oddity. The GPO security policy did apply after two reboots.

I know Microsoft has come out recently about FIPS not being a necessity, but I need to be able to test an app soup-to-nuts with FIPS enabled on the DB.

Any ideas on how to force FIPS on the SQL instance?

sql-server fips-140-2

share|improve this question

edited Mar 3 '15 at 8:07

BrianCanFixIT

asked Mar 3 '15 at 7:58

BrianCanFixITBrianCanFixIT

2017

add a comment | 

I'm attempting to set my Microsoft SQL 2014 instance to use FIPS 140-2 complaint encryption as described in this KB article for SQL 2012, but it does not appear to be working. I do not see "FIPS" anywhere in the SQL service error logs. I set the FIPS option using the local security policy System cryptography: Use FIPS 140 compliant cryptographic algorithms, including encryption, hashing and signing algorithms.

As an aside, I tried setting the same policy via GPO security policy, but the security option did not change the computer's registry key of HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaFipsAlgorithmPolicyEnabled even though GPresults showed it being applied. I don't know if that's a hint or just another oddity. The GPO security policy did apply after two reboots.

I know Microsoft has come out recently about FIPS not being a necessity, but I need to be able to test an app soup-to-nuts with FIPS enabled on the DB.

Any ideas on how to force FIPS on the SQL instance?

sql-server fips-140-2

share|improve this question

edited Mar 3 '15 at 8:07

BrianCanFixIT

asked Mar 3 '15 at 7:58

BrianCanFixITBrianCanFixIT

2017

share|improve this question

edited Mar 3 '15 at 8:07

BrianCanFixIT

asked Mar 3 '15 at 7:58

BrianCanFixITBrianCanFixIT

2017

share|improve this question

edited Mar 3 '15 at 8:07

BrianCanFixIT

asked Mar 3 '15 at 7:58

BrianCanFixITBrianCanFixIT

2017

asked Mar 3 '15 at 7:58

BrianCanFixITBrianCanFixIT

2017

asked Mar 3 '15 at 7:58

BrianCanFixITBrianCanFixIT

2017

1 Answer
1

active

oldest

votes

0

Per the MS Article you reference, SQL Uses OS Crypto constraints (via SCHANNEL) therefore if you enabled it at the OS level, then you have enforced it at the DB Level as well.

Just to prove the point, if you disable SSL3 and TLS 1.0 (for SCHANNEL) on a server running SQL 2008 R2 and reboot, SQL will not start.

share|improve this answer

answered Nov 5 '15 at 8:06

LocutusOfBorgLocutusOfBorg

1

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f672646%2ffips-140-2-on-windows-2012r2-with-sql-2014%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

0

Per the MS Article you reference, SQL Uses OS Crypto constraints (via SCHANNEL) therefore if you enabled it at the OS level, then you have enforced it at the DB Level as well.

Just to prove the point, if you disable SSL3 and TLS 1.0 (for SCHANNEL) on a server running SQL 2008 R2 and reboot, SQL will not start.

share|improve this answer

answered Nov 5 '15 at 8:06

LocutusOfBorgLocutusOfBorg

1

add a comment | 

0

Per the MS Article you reference, SQL Uses OS Crypto constraints (via SCHANNEL) therefore if you enabled it at the OS level, then you have enforced it at the DB Level as well.

Just to prove the point, if you disable SSL3 and TLS 1.0 (for SCHANNEL) on a server running SQL 2008 R2 and reboot, SQL will not start.

share|improve this answer

answered Nov 5 '15 at 8:06

LocutusOfBorgLocutusOfBorg

1

add a comment | 

Per the MS Article you reference, SQL Uses OS Crypto constraints (via SCHANNEL) therefore if you enabled it at the OS level, then you have enforced it at the DB Level as well.

Just to prove the point, if you disable SSL3 and TLS 1.0 (for SCHANNEL) on a server running SQL 2008 R2 and reboot, SQL will not start.

share|improve this answer

answered Nov 5 '15 at 8:06

LocutusOfBorgLocutusOfBorg

1

share|improve this answer

answered Nov 5 '15 at 8:06

LocutusOfBorgLocutusOfBorg

1

answered Nov 5 '15 at 8:06

LocutusOfBorgLocutusOfBorg

1

answered Nov 5 '15 at 8:06

LocutusOfBorgLocutusOfBorg

1