FATAL FIPS SELFTEST FAILURE message on RMS (CCS data collections)

Article:TECH189992  |  Created: 2012-05-30  |  Updated: 2013-01-10  |  Article URL http://www.symantec.com/docs/TECH189992
Article Type
Technical Solution



Issue



FATAL FIPS SELFTEST FAILURE message on RMS (CCS data collections)


Error



\fips\fips.c(146): Open SSL internal Error, assertion failed: FATAL FIPS SELFTEST FAILURE


Environment



CCS version: 10.5.1

What was the latest PCU applied?

PCU 2012-1 --- Product Version: 10.50.530.20300 - applied update to 10.50.530.20400 to data collections.
Applied update to all MQE hosts and updated ECS to finish the 2012-2 update.

What version AIX hosts is this occurring on?

AIX 6.1

Are you running agent-based or agentless bv-Control for Unix agents? Agentless

AIX security essentials standard for AIX servers

Related enhancements of 2011-4 Updates
The 2012-1 Update contains the rolled-up enhancements of the 2011-4 Update.
Enhancements in Control Compliance Suite
The 2011-4 Update of Control Compliance Suite contains the following

 


Cause



FIPS is enabled.

The running Unix agent does not have the latest rapid fires applied.

Unix running in agentless mode does not require FIPS to be enabled.


Solution



Run a query that lists the latest rapid fires. Evaluate the query results to verify that no agent has rapid fires below rf10548. If any agent does and it is a FIPS-enabled agent, apply the latest rapid fires to that agent.

Version at least:

FIPS enabled Unix AIX agent version: 10.50.33.20100

FIPS enabled Unix RedHat agent version: 10.50.33.20100

FIPS enabled Unix SuSE agent version: 10.50.33.20100

FIPS enabled Unix SunOS-sparc-32 agent version: 10.50.33.20100

FIPS enabled Unix SunOS-386-32 agent version: 10.50.33.20100

FIPS enabled Unix HP-UX-ia64-64 (Itanium) agent version: 10.50.33.20100

FIPS enabled Unix HP-UX-pa-risc-32 agent version: 10.50.33.20100
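
One way to evaluate the query results against the minimum version above, as an added example that is not part of the original article and is not Symantec code. The CSV export layout, column names and host names are assumptions constructed for illustration; only the minimum version 10.50.33.20100 comes from the article.

```python
import csv
import io

# Minimum FIPS-capable agent version stated in the article (same for every platform).
MIN_FIPS_AGENT_VERSION = "10.50.33.20100"

# Constructed sample export. The columns and hosts are assumptions,
# not the output format of any CCS/RMS query.
SAMPLE_EXPORT = """host,platform,agent_version,fips_enabled
aix-db01,AIX,10.50.33.20100,yes
aix-app02,AIX,10.50.4.30000,yes
rhel-web03,RedHat,10.50.33.20400,yes
sol-old04,SunOS-sparc-32,10.50.12.100,no
hpux-bad05,HP-UX-ia64-64,10.50.x,yes
"""


def parse_version(text):
    """Turn '10.50.33.20100' into (10, 50, 33, 20100); raise ValueError if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def agents_needing_rapid_fires(export_text, minimum=MIN_FIPS_AGENT_VERSION):
    """Return (host, reason) pairs for FIPS-enabled agents below the minimum version."""
    floor = parse_version(minimum)
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["fips_enabled"].strip().lower() != "yes":
            continue  # the article only requires the update on FIPS-enabled agents
        try:
            version = parse_version(row["agent_version"])
        except ValueError as exc:
            # Unknown version on a FIPS-enabled agent: flag it for manual review.
            findings.append((row["host"], f"unreadable version ({exc})"))
            continue
        # Compare as integer tuples: as plain strings, "10.50.4.30000" would
        # sort above "10.50.33.20100" and the outdated agent would be missed.
        if version < floor:
            findings.append((row["host"], f"{row['agent_version']} < {minimum}"))
    return findings


if __name__ == "__main__":
    for host, reason in agents_needing_rapid_fires(SAMPLE_EXPORT):
        print(f"{host}: apply latest rapid fires ({reason})")
```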

To enable or disable FIPS, run the setfips.vbs utility:

1 Go to the command prompt and change to the directory <product installation directory>\Program Files\Symantec\RMS\Tools.

2 Execute the command cscript setfips.vbs /e to enable FIPS mode on the Information Server.

Note: Restart the RMS console after running this utility.

Execute the command cscript setfips.vbs /d to disable FIPS mode on the Information Server.

This utility sets FIPS mode ON so that the UNIX agents can be queried using the new encryption mechanism. Unix running in agentless mode does not require FIPS to be enabled.


Attachments

Example of FIPS error
FIPS fatal error.bmp (24.6 MBytes)

