FATAL FIPS SELFTEST FAILURE message on RMS ( CCS data collections )
| Article:TECH189992 | | | Created: 2012-05-30 | | | Updated: 2013-01-10 | | | Article URL http://www.symantec.com/docs/TECH189992 |
Problem
FATAL FIPS SELFTEST FAILURE message on RMS ( CCS data collections )
Error
\fips\fips.c(146): Open SSL internal Error, assertion failed: FATAL FIPS SELFTEST FAILURE
Environment
CCS version; 10.5.1
What was the latest PCU applied?
PCU 2012-1 --- Product Version: 10.50.530.20300 - applied update to 10.50.530.20400 to data collections.
Applied update to all MQE hosts and updated ECS to finish the 2012-2 update.
What version AIX hosts is this occurring on?
"AIX","6.1
Are you running Agentbased or agentless bv-Control for Unix agents? Agentless
AIX security essentials standard for AIX servers
Related enhancements of 2011-4 Updates
The 2012-1 Update contains the rolled-up enhancements of the 2011-4 Update.
Enhancements in Control Compliance Suite
The 2011-4 Update of Control Compliance Suite contains the following
Cause
FIPS is enbled.
Unix agent running does not have the latest rapid fires applied.
Unix running in agentless mode does not require FIPS to be enabled.
Solution
Run a query that lists the latest rapid fires. Evaluate query results to verify there are no agents that have any rapid fires below rf10548. If there are, apply the latest rapid fires to that agent if it is a fips enabled agent.
Version at least:
FIPS enabled Unix AIX agent version:10.50.33.20100
FIPS enabled Unix RedHat agent version:10.50.33.20100
FIPS enabled Unix SuSe agent version:10.50.33.20100
FIPS enabled Unix SunOS-sparc-32 agent version:10.50.33.20100
FIPS enabled Unix SunOS-386-32 agent version:10.50.33.20100
FIPS enabled Unix HP-UX-ia64-64 (itanium) agent version:10.50.33.20100
FIPS enabled Unix HP-UX-pa-risc-32 agent version:10.50.33.20100
To enable/disable FIPS ;
To run the setfips.vbs utility
1 Go to the command prompt and connect to the directory <product installation directory>\Program Files\Symantec\RMS\Tools:
2 Execute the command, cscript setfips.vbs /e to enable the FIPS mode on the Information Server.
Note: Restart the RMS console after running this utility
Execute the command, cscript setfips.vbs /d to disable the FIPS mode on the Information Server.
This utility sets the FIPS mode ON and the UNIX agents can be queried using the new encryption mechanism. Unix running in agentless mode does not require FIPS to be enabled.
Article URL http://www.symantec.com/docs/TECH189992
Terms of use for this information are found in Legal Notices
Thank you.