ArcGIS Server 10 on W2K8R2 and FIPS compliant algorithms for encryption

Discussion created by weiland00 on Apr 2, 2012
Latest reply on Oct 24, 2012 by rkilinski
I have recently had to migrate to a new W2K8R2 server and took the opportunity to move ArcGIS Server 10.  The Web Post Install would not run on the server which was not joined to the domain (i.e. no GPOs).  ESRI support had me disable the security policy > "System cryptography: Use FIPS compliant algorithms for encryption" in the local security policy and everything worked.  Upon joining the server to the domain, a GPO re-enabled that policy and blocks the ability to disable it in order to comply with DOD security policies.  Now the SOM/SOC still work but the Web end points fail.

ESRI customer support pointed me to a bug report (NIM067659) and says that the only solution is to disable the "System cryptography: Use FIPS compliant algorithms for encryption" policy, which isn't possible under the GPOs, and ESRI's technical documents (http://resources.arcgis.com/content/enterprisegis/10.0/security_compliance) clearly state that "Esri products are compatible with enabling the 'Use FIPS compliant algorithms for encryption, hashing, and signing' security setting in Windows XP and later versions of Windows".

Has anyone else found a solution to this as I can't be the only DOD user to run up against this problem?