Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Distribution Service will not Start Error 1067 or Event ID 1026 in Server Logs

No ratings
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sonja_Bauernfeind
Digital Support
Digital Support

Distribution Service will not Start Error 1067 or Event ID 1026 in Server Logs

Last Update:

Sep 17, 2020 2:31:54 AM

Updated By:

Sonja_Bauernfeind

Created date:

Jan 9, 2017 9:33:49 AM

The Distribution Service may not start and an error 1067 is possibly thrown, or the service stops after a few seconds.

The Application log logs:

Exception when creating CryptoServiceProvider: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms. Local Security Policy -> Security Options -> System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing - should be disabled 

And a .Net Runtime error:

Exception Info: System.InvalidOperationsException
at System.Security.Cryptography.MD5CryptoServiceProvider..ctor()
at QDSMain.Clustering.DefaultClusterNotification.Work.Thread()
...

See screencap:

User-added image


 

Environment:

QlikView 12.10 and alter versions

 

Resolution:


The issue is a result of a Code change from FileWriteTime to an MD5 Hash for the notification files related to the QDS services. If FIPS is enabled, it may result in the error. This is considered to be working as designed. 

For information on FIPS support for QlikView, see Qlk Software and FIPS mode 



Workaround:

The FIPS policy needs to be disabled in the local Security Policy applet in order for the QDS service(s) to run properly.

User-added image

Also see:
https://blogs.technet.microsoft.com/secguide/2014/04/07/why-were-not-recommending-fips-mode-anymore/
https://technet.microsoft.com/en-us/library/dn135243(v=ws.10).aspx


 

Labels (1)
Labels:
3,178 Views
Was this article helpful? Yes No
Comments
Cynicszm
Partner - Contributor II
Partner - Contributor II
‎2023-11-09 08:06 AM

As a workaround if you cannot disable the Local Security Policy setting you can edit the QVDistributionService.exe.config to set the Enforce FIPS Policy element to false.

Arguably if Qlik is not going to change the signing algorithm then this should be set by Qlik during install to avoid issues when installing.

See https://learn.microsoft.com/en-us/dotnet/framework/configure-apps/file-schema/runtime/enforcefipspol... for the policy element and a snippet for the .config file below

<runtime>
<!-- Other settings -->
<enforceFIPSPolicy enabled = "false"/>
</runtime>

 

Contributors
Version history
Last update:
‎2020-09-17 02:31 AM
Updated by:
Digital Support