Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-3616: Unable to enroll devices with FIPS enabled

App Access Service ,  

12 April,16 at 11:47 AM

Applies to: Centrify Identity Service

Problem:
After installation of the Centrify Cloud Management Suite, the Connection tests for Certificates and Cloud to Proxy Communications checks will fail. Device enrollment attempts will not complete and the following error is displayed: 

"Warning: network environment validation has failed for one or more required portions. This environment may not be appropriately configured to support the Cloud Proxy Server component at this time" 

 

 

 

 

 

 

 

 

 

 

 

 

 




 




Cause:
This error can be displayed if System Cryptography: use FIPS compliant algorithm is enabled in Group Policy. The Centrify Cloud Proxy is not currently FIPS compatible 

Solution:
The System Cryptography: use FIPS compliant algorithm option must be disabled in Group Policy to allow Cloud to Proxy server communications. FIPS can be disabled by performing the following: 

1. Open Group Policy Management and edit the Default Domain Policy GPO

2. In the Group Policy Management Editor, navigate to:

  Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options > System Cryptography: Use FIPS compliant algorithms for encryption, hashing and signing

3. Disable the policy for FIPS

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-9412: Unable to Enroll Windows 10 Device with SCCM installed articleKB-6041: How to show current license type in use by adclient articleKB-6040: How to change the license type in use after adclient successful joined to the AD? articleKB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role? articleKB-3925: How to add Centrify parameter to a group policy articleKB-6056: How to report the group policy settings that are in effect for the local computer? articleKB-6038: How to specify the license type to use when joining the server to AD using adjoin? articleKB-9610: Getting "Network unavailable" error when a User is trying to enroll a device with a QR code articleKB-3016: Troubleshooting steps for mobile device enrollment