AZR0001: Backup fails if FIPS compliant algorithms are enabled on VSA proxy
Symptom
A backup of Azure VMs fails if FIPS compliant algorithms are enabled for the security policy that is used for the VSA proxy that performs the backup.
The following error is displayed in the VSCloudFS.log file:
System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
at System.Security.Cryptography.MD5CryptoServiceProvider..ctor()
Cause
This issue prevents the backup from reading disks and causes the download from Azure to fail.
The issue can occur with different Windows operating systems. For more information, see System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing.
Resolution
Disable the use of FIPS compliant algorithms:
-
On the VSA proxy, execute the following command in a Run window:
secpol.msc -
Check the value for Security Settings > Local Policies > Security Options > System Cryptography > Use FIPS complaint algorithms for encryption, hashing, and signing.
-
If the FIPS option is enabled, change the setting to Disabled.