Setting up SQL Server 2005 SP2 to be in FIPS 140-2 compliance mode

  • I'm following the instructions in KB920995 to set up a SQL Server 2005 SP2 instance to be FIPS 140-2 compliant. I've enabled the local security policy "System cryptography:....". Stopped, and restored SQL server, even rebooted my machine. But I can't get the SQL Server ERRORLOG file to contain the message "Service Broker Transport is running in FIPS compliance mode". I'm wondering if Service Broker needs to be enabled, because I see this error message in the log "The Service Broker protocol transport is disabled or not configured."

    Any thoughts on what additional steps I need to take to get my SQL Server 2005 SP2 version running on Windows XP to run in FIPS 140-2 compliance mode? Is XP not a certified OS for FIPS 140-2?

    Any suggestions would be greatly appreciated.

    Gregory A. Larsen, MVP

  • Greg,

    I have the same issue but on a Windows 2003 Server with SQL Server 2005 - SP2. I don't see the message in the SQL Server error log either.

    Did you ever come up with a solution for this?

    Thanks.

    Mary Ann

  • No, I didn't resolve it, and I moved on to other things. I was only working on this in a test environment, and trying to be proactive so I knew how it all worked before I was asked to implement something. If I recall correctly, in order to get it to work I think I needed to have a valid certificate installed on my SQL Server machine, or the domain controller, or both. Wish I could give you more to go on.

    Gregory A. Larsen, MVP

  • Thanks for the reply Greg. We do have a valid certificate, so we must be missing something else having to do with the Service Broker.

    -Mary Ann

  • What entries in the SQL Server log do you see for Service Broker?

    K. Brian Kelley
    @kbriankelley

  • Service Broker references in the SQL Error Log file appear in this order:

    The Service Broker protocol transport is disabled or not configured.

    Service Broker manager has started.

    I thought our problem might have to do with the Service Broker but I know nothing about configuring. If this is the issue, can you help me with this?

    We do have a certificate and see this message in the SQL Error Log:

    The certificate was successfully loaded for encryption.

    Thanks Brian!

    -Mary Ann

  • All right, prior to me configuring a Service Broker endpoint, I saw the following messages related to Service Broker in my SQL logs:

    The Service Broker protocol transport is disabled or not configured.

    Service Broker manager has started.

    I did not see the following:

    Service Broker transport is running in FIPS compliance mode

    However, upon creating a Service Broker endpoint (I didn't need to restart SQL Server) via:

    CREATE ENDPOINT BrokerEndpoint
        STATE = STARTED
        AS TCP (LISTENER_PORT = 9999)
        FOR SERVICE_BROKER (AUTHENTICATION = WINDOWS,
                            ENCRYPTION = REQUIRED ALGORITHM AES);

    I received the following messages in the SQL Log:

    Server is listening on ['any' <ipv4> 9999].

    The Service Broker protocol transport is now listening for connections.

    Service Broker transport is running in FIPS compliance mode. This is an informational message only. No user action is required.

    So you apparently will only get the notice listed in the KB if you have a Service Broker endpoint configured.

    K. Brian Kelley
    @kbriankelley
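As an added example (not part of Brian's post or the thread), the following T-SQL puts the steps he describes into one verification script: create the Service Broker endpoint only if it is missing, confirm from the catalog views that it is started and requires AES, and search the current ERRORLOG for the FIPS message from KB920995. It assumes the endpoint name and port from Brian's post, a sysadmin login on the SQL Server 2005 SP2 instance, and the undocumented third parameter of xp_readerrorlog (a substring filter), which is present in 2005 but not officially documented.

```sql
-- Added example, not from the thread. Endpoint name and port come from
-- Brian's post; replace them with your own values. Run as sysadmin.
USE master;
GO

-- 1. Create the Service Broker endpoint only if it does not already exist,
--    so the script can be re-run safely. Dynamic SQL keeps the DDL out of
--    the IF block.
IF NOT EXISTS (SELECT 1 FROM sys.service_broker_endpoints
               WHERE name = N'BrokerEndpoint')
BEGIN
    EXEC (N'CREATE ENDPOINT BrokerEndpoint
                STATE = STARTED
                AS TCP (LISTENER_PORT = 9999)
                FOR SERVICE_BROKER (AUTHENTICATION = WINDOWS,
                                    ENCRYPTION = REQUIRED ALGORITHM AES);');
END
GO

-- 2. Confirm the endpoint is STARTED, listening on the expected port, and
--    requires AES encryption with Windows authentication. An endpoint that
--    is STOPPED or DISABLED will not produce the FIPS log message.
SELECT e.name,
       e.state_desc,
       t.port,
       b.connection_auth_desc,
       b.encryption_algorithm_desc
FROM sys.service_broker_endpoints AS b
JOIN sys.tcp_endpoints            AS t ON t.endpoint_id = b.endpoint_id
JOIN sys.endpoints                AS e ON e.endpoint_id = b.endpoint_id
WHERE e.name = N'BrokerEndpoint';

-- 3. Read the current ERRORLOG (log 0, type 1 = SQL Server log) filtered on
--    the FIPS message. The filter parameter is undocumented in SQL Server
--    2005 (assumption: present on this build). No rows back means the
--    message was not written, i.e. either the OS FIPS policy is not in
--    effect or no Service Broker endpoint is listening.
EXEC master.dbo.xp_readerrorlog 0, 1, N'FIPS compliance mode';
GO
```

If step 3 returns nothing after step 2 shows the endpoint STARTED, the remaining cause is the Windows "System cryptography" FIPS policy, which must be enabled before the SQL Server service starts.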

  • Brian,

    Thanks so much! I tested this yesterday and it worked great!

    Thanks again!

    -Mary Ann
