Installing the latest Dell Command Update Version 3.1.2 on a system with FIPS mode activated results in Error 1920. Service Dell Client Management Service (DellClientManagementService) failed to start.
Is there a different version of this tool that can be used by FIPS customers? If not, we need an update that uses FIPS validated cryptographic algorithms.
The Event Viewer clearly shows that it's because an insecure cryptographic provider, MD5, is being invoked by the service.
Service cannot be started. System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms. at System.Security.Cryptography.MD5CryptoServiceProvider..ctor() --- End of inner exception stack trace --- at System.RuntimeMethodHandle.InvokeMethod(Object target, Object arguments, Signature sig, Boolean constructor) at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object parameters, CultureInfo culture) at System.Security.Cryptography.CryptoConfig.CreateFromName(String name, Object args) at System.Security.Cryptography.MD5.Create() at Dell.Asimov.ServiceShell.Core.Channels.ValidatedNamedPipe.ValidatedNamedPipeChannelManager.GeneratePipeName(Uri listenUri) at Dell.Asimov.ServiceShell.Core.Channels.ValidatedNamedPipe.ValidatedNamedPipeChannelListener..ctor(ValidatedNamedPipeTransportBindingE...
Note to DELL developers: You can replace all calls to MD5 with SHA1CryptoServiceProvider and it will work
Bump to this topic. We are having to turn FIPS mode on as part of a directive for the US federal government. This is going to progressively become more and more of an issue as more systems begin following this government wide directive to have FIPS on. In my office where I am early-adopting these settings, DCU no longer even installs (the service fails to start), let alone works.
Losing a tool like this is easily one of the biggest factors that would make me reconsider my suboffice stay with dell. They have nice tools to handle the management side of their hardware/software. If that stops working it's just another piece of hardware that I now have to manually maintain and update.
Thanks @Mgamerz, I have been going back and forth with Dell support on this topic. The last message I got from support was "we got an update from the L3 team to say this is working as designed. Let us know if you have any further queries."
I told them that answer was unacceptable. This doesn't need to go to L3 support, it needs to go to the software development team. I'm not sure how to get my ticket to that team. I recommend you open a ticket too. The more customers complain, the more likely they are to listen.
I've tried to open tickets with Dell about Dell Command Update. It never goes anywhere, it's pretty much pointless. I have never once had any support or feedback from Dell when I have reported issues on it. If it works, great, but if it doesn't you're SOL.
One of the IT groups says they contacted Dell and did get someone to respond (they didn't say who) but that it would take a complete re-engineering of the application to work, so Dell wasn't going to. I mean, if I have to manually update all of my drivers now, I could just re-engineer my workforce onto someone like HP instead.
Hope this helps someone, and sorry for my uncommented code... I like using it with psexec and Taskpad View in ADUC to just click a computer and hit "Do Driver Updates". Done!