Hi all,
Today I noticed a problem with a customer's SOA setup. Avast Clients hadn't updated since October 10th and that coincided with the expiration of the password of the account the "avast! Administration Console" service was running as (not sure why it wasn't running as Network Service). Simple I thought, update the password the service runs as via services.msc and restart the service. Whilst that did allow me to now log into SOA no clients would "check in" (ie none of them are green)
Clients do now *appear* to be getting signature updates though.
I thought perhaps a uninstall /
clean reinstall of SOA would help - no joy.
Whilst reviewing logs in C:\ProgramData\AVAST Software\Administration Console\Logs I found the following (multiple times) in my Avast.Sbc.Service_*.log files...
11-04 20:32:07,702 [SchedulerWorker3] ERROR Scheduler - Error during client side job execution.
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.InvalidOperationException:
This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms. at System.Security.Cryptography.MD5CryptoServiceProvider..ctor()
--- End of inner exception stack trace ---
at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at System.Security.Cryptography.CryptoConfig.CreateFromName(String name, Object[] args)
at System.Security.Cryptography.MD5.Create(String algName)
at Avast.Sbc.Service.Core.MessageQueueManager.ForNode(Guid nodeId)
at Avast.Sbc.Service.Core.DisconnectedEngineLocator.FindEngineForNode(Node node)
at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext()
at System.Collections.Generic.List`1..ctor(IEnumerable`1 collection)
at System.Linq.Enumerable.ToList[TSource](IEnumerable`1 source)
at Avast.Sbc.Service.Core.DisconnectedEngineLocator.FindEnginesForNodes(IEnumerable`1 nodes)
at Avast.Sbc.Scheduler.Core.Helper.ClientExecutableJobFactory.CreateExecutableJob(IEngineLocator engineLocator, IEnumerable`1 targetNodes, Job job)
at Avast.Sbc.Scheduler.Core.Scheduler.RunClientSideJob(Job job, ScheduleItem triggerItem)
It then dawned on me that I needed to enable "Use FIPS compliant algorithms for encryption, hashing an signing" policy to pass a Pen Test we had earlier in the year.
I wouldn't mind betting this is the first time the service had been restart since the pen test and as a result has been ignoring (unaware) of the "Use FIPS compliant algorithms for encryption, hashing an signing" policy until now.
So now I'm stuck, I can't really disable the "Use FIPS compliant algorithms for encryption, hashing an signing" policy, but I think if I leave it enabled SOA won't work correctly?
Any suggestions gratefully received!
Regards
Steve