Home
  •  

MSSQL 2014: SQL Server Service Broker cannot use RC4 encryption algorithm when running in FIPS compliance mode

Microsoft.SQLServer.2014.SQL_Server_Service_Broker_cannot_use_RC4_encryption_algorithm_when_running_in_FIPS_compliance_mode_5_Rule (Rule)

SQL Server Service Broker has a conversation where at least one endpoint has been configured to use RC4 encryption and the server is set for Federal Information Processing Standard (FIPS) compliance mode. RC4 encryption is not supported when running in FIPS compliance mode.

Knowledge Base article:

Summary

SQL Server Service Broker has a conversation where at least one endpoint has been configured to use RC4 encryption and the server is set for Federal Information Processing Standard (FIPS) compliance mode. RC4 encryption is not supported when running in FIPS compliance mode.

Causes

The local security setting is System cryptography: Use FIPS compliant algorithms for encryption, hashing and signing . This message is written to the Windows application log as MSSQLSERVER event ID 28078.

Resolutions

Use ALTER ENDPOINT to specify a supported algorithm.

External

For more information, see "ALTER ENDPOINT (Transact-SQL)" in Microsoft SQL Server 2014 Books Online.

Overridable Parameters

Name

Description

Default Value

Enabled

Enables or disables the workflow.

Yes

Priority

Defines Alert Priority.

1

Severity

Defines Alert Severity.

2

Element properties:

TargetMicrosoft.SQLServer.2014.DBEngine
CategoryEventCollection
EnabledTrue
Event_ID28078
Event Source$Target/Property[Type="SQL2014Core!Microsoft.SQLServer.2014.DBEngine"]/ServiceName$
Alert GenerateTrue
Alert SeverityError
Alert PriorityNormal
RemotableTrue
Alert Message
MSSQL 2014: SQL Server Service Broker cannot use RC4 encryption algorithm when running in FIPS compliance mode
{0}
Event LogApplication
CommentMom2014ID='{945A6297-4BF8-4948-9920-5489E951CF28}';MOM2014GroupID={467ECC75-C5DA-42BD-955C-A73BBB51AF74}

Member Modules:

ID Module Type TypeId RunAs 
_F6DA1507_12AF_11D3_AB21_00A0C98620CE_ DataSource Microsoft.Windows.EventProvider Default
GenerateAlert WriteAction System.Health.GenerateAlert Default

Source Code:

<Rule ID="Microsoft.SQLServer.2014.SQL_Server_Service_Broker_cannot_use_RC4_encryption_algorithm_when_running_in_FIPS_compliance_mode_5_Rule" Target="SQL2014Core!Microsoft.SQLServer.2014.DBEngine" Enabled="true" ConfirmDelivery="true" Remotable="true" Comment="Mom2014ID='{945A6297-4BF8-4948-9920-5489E951CF28}';MOM2014GroupID={467ECC75-C5DA-42BD-955C-A73BBB51AF74}">

  <Category>EventCollection</Category>

  <DataSources>

    <DataSource ID="_F6DA1507_12AF_11D3_AB21_00A0C98620CE_" Comment="{F6DA1507-12AF-11D3-AB21-00A0C98620CE}" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>Application</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery>EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>28078</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery>PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>$Target/Property[Type="SQL2014Core!Microsoft.SQLServer.2014.DBEngine"]/ServiceName$</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="GenerateAlert" TypeID="SystemHealth!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>2</Severity>

      <AlertMessageId>$MPElement[Name="Microsoft.SQLServer.2014.SQL_Server_Service_Broker_cannot_use_RC4_encryption_algorithm_when_running_in_FIPS_compliance_mode_5_Rule.AlertMessage"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>Event ID: $Data/EventDisplayNumber$. $Data/EventDescription$</AlertParameter1>

      </AlertParameters>

      <Suppression>

        <SuppressionValue/>

      </Suppression>

    </WriteAction>

  </WriteActions>

</Rule>