Highlighted

Dell Command Update and FIPS mode: Error 1920

Installing the latest Dell Command Update Version 3.1.2 on a system with FIPS mode activated results in Error 1920. Service Dell Client Management Service (DellClientManagementService) failed to start.

Is there a different version of this tool that can be used by FIPS customers? If not, we need an update that uses FIPS validated cryptographic algorithms.


The Event Viewer clearly shows that it's because an insecure cryptographic provider, MD5, is being invoked by the service.

 

 

Service cannot be started. System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
   at System.Security.Cryptography.MD5CryptoServiceProvider..ctor()
   --- End of inner exception stack trace ---
   at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
   at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at System.Security.Cryptography.CryptoConfig.CreateFromName(String name, Object[] args)
   at System.Security.Cryptography.MD5.Create()
   at Dell.Asimov.ServiceShell.Core.Channels.ValidatedNamedPipe.ValidatedNamedPipeChannelManager.GeneratePipeName(Uri listenUri)
   at Dell.Asimov.ServiceShell.Core.Channels.ValidatedNamedPipe.ValidatedNamedPipeChannelListener..ctor(ValidatedNamedPipeTransportBindingE...

 

 

 

0 Kudos
Reply
9 Replies
Highlighted

Re: Dell Command Update and FIPS mode: Error 1920

Note to DELL developers: You can replace all calls to MD5 with SHA1CryptoServiceProvider and it will work

https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.sha1cryptoserviceprovider?r...

0 Kudos
Reply
Highlighted
2 Bronze

Re: Dell Command Update and FIPS mode: Error 1920

Bump to this topic. We are having to turn FIPS mode on as part of a directive for the US federal government. This is going to progressively become more and more of an issue as more systems begin following this government wide directive to have FIPS on. In my office where I am early-adopting these settings, DCU no longer even installs (the service fails to start), let alone works.

 

Losing a tool like this is easily one of the biggest factors that would make me reconsider my suboffice stay with dell. They have nice tools to handle the management side of their hardware/software. If that stops working it's just another piece of hardware that I now have to manually maintain and update.

Reply
Highlighted

Re: Dell Command Update and FIPS mode: Error 1920

Thanks @Mgamerz, I have been going back and forth with Dell support on this topic. The last message I got from support was "we got an update from the L3 team to say this is working as designed. Let us know if you have any further queries."

I told them that answer was unacceptable. This doesn't need to go to L3 support, it needs to go to the software development team. I'm not sure how to get my ticket to that team. I recommend you open a ticket too. The more customers complain, the more likely they are to listen.

0 Kudos
Reply
Highlighted
2 Bronze

Re: Dell Command Update and FIPS mode: Error 1920

I've tried to open tickets with Dell about Dell Command Update. It never goes anywhere, it's pretty much pointless. I have never once had any support or feedback from Dell when I have reported issues on it. If it works, great, but if it doesn't you're SOL. 

One of the IT groups says they contacted Dell and did get someone to respond (they didn't say who) but that it would take a complete re-engineering of the application to work, so Dell wasn't going to. I mean, if I have to manually update all of my drivers now, I could just re-engineer my workforce onto someone like HP instead.

Reply
Highlighted

Re: Dell Command Update and FIPS mode: Error 1920

Poke the bear. The squeaky wheel and whatnot.

0 Kudos
Reply
Highlighted
2 Bronze

Re: Dell Command Update and FIPS mode: Error 1920

I gave up and wrote a powershell that uses dcu-cli.exe and writes the xml catalog to a file.  Then parse that file and perform the downloads and installs with powershell. @dirty_white_hat @Mgamerz 

 

 

0 Kudos
Reply
Highlighted

Re: Dell Command Update and FIPS mode: Error 1920

@Spamesare you able to open source your code on Github? If you want to share but don't have a github account I could make a site for this code to live on. Then we can all work on it together.

0 Kudos
Reply
Highlighted
2 Bronze

Re: Dell Command Update and FIPS mode: Error 1920

Shouldn’t be a problem to do that, but I haven’t tried before.  I’ll post a link here tomorrow. @dirty_white_hat 

0 Kudos
Reply
Highlighted
2 Bronze

Re: Dell Command Update and FIPS mode: Error 1920

@dirty_white_hat @Mgamerz 

Hope this helps someone, and sorry for my uncommented code...  I like using it with psexec and Taskpad View in ADUC to just click a computer and hit "Do Driver Updates".  Done!

https://github.com/julrich-usgs/nofips-dell-drivers

 

 

Reply