This topic provides practical steps to diagnose and resolve common issues encountered when enabling or operating in FIPS mode.”

POLMAN raises an error

You must have administrator privileges to use POLMAN. If you do not have the proper privileges, POLMAN returns the following:
proenv>polman set -policy urn:esam:fips140:can-run-without -value no
  ERROR: Administrator privileges required to set policy
  Failed to set policy value.

An instance fails to start

PAS for OpenEdge checks FIPS mode before starting an instance. If FIPS mode is enabled and the existing instance has not be unregister and registered, you receive an error message. 
FIPS mode detected and instance is not configured to run in FIPS mode
To resolve, you must:
  1. Unregister the instance.
  2. Register the instance to set the FIPS mode properties.
  3. Restart the instance.
Note: Instances created in FIPS mode will not run if FIPS mode is disabled.

Unable to dump and load data using Data Administration

In FIPS mode, XCODE-encrypted ABL code cannot run, which affects Data Administration dump/load utilities. To work around this, use the proutil utility to perform a binary dump/load.

Check logs for FIPS mode

A message indicating that FIPS mode is enabled is written to the following logs:

  • PAS for OpenEdge agent log files at startup
  • Client logs created using the -clientlog log-filename startup parameter
  • Database log file

Example:

FIPS mode is enabled
Note: This log message is not associated with any log entry type. As long as the logging level is greater than 0, this message is logged.

In addition, if a database is running in FIPS mode, a message is logged if the DB.Connects log entry type is turned on and the logging level is set to 2 or higher:

CONN           Database logical-name is running with FIPS mode enabled

See Database connection logging for more information.