cancel
Showing results for 
Search instead for 
Did you mean: 

MD5 no allowed in FIPS modes (Error:1216)

SOLVED
New Contributor

MD5 no allowed in FIPS modes (Error:1216)

Assisting a remote user in connecting to our VPN, and they get the following error after attempting to log in:

"MD5 not allowed in FIPS modes (Error:1216)
MD5 hash for ESP is not allowed when client is running with FIPS mode enabled. Please contact your network administrator."
 
OS X 10.15.7
Pulse 9.1r7.0
 
Since they had Pulse installed from their previous institution, we uninstalled Pulse and installed our own copy but experiense the same issue. I suspect either there is a configuration file that doesn't get removed when uninstalling Pulse, or it's a local encryption that's triggering the policy block.
 
I haven't found the cause for this error outside of the nebulous answer "MD5 is not compliant with FIPS", and would appreciate any insight.
1 ACCEPTED SOLUTION

Accepted Solutions
Moderator

Re: MD5 no allowed in FIPS modes (Error:1216)

@abro0004 FIPS mode in Pulse Client will be enforced by having the connection store (connstore.dat) updated with value FIPSClient: "true"

 

Did you choose NOT to save the configuration while uninstalling the Pulse Client? if we continue with default (YES), then the FIPS setting will be retained.

 

# VPN server's connection profile can also be changed to have a secure Algo. like ESP AES256/SHA256, and that should also resolve this issue.

PCS Expert
Pulse Connect Secure Certified Expert

View solution in original post

3 REPLIES 3
Moderator

Re: MD5 no allowed in FIPS modes (Error:1216)

@abro0004 FIPS mode in Pulse Client will be enforced by having the connection store (connstore.dat) updated with value FIPSClient: "true"

 

Did you choose NOT to save the configuration while uninstalling the Pulse Client? if we continue with default (YES), then the FIPS setting will be retained.

 

# VPN server's connection profile can also be changed to have a secure Algo. like ESP AES256/SHA256, and that should also resolve this issue.

PCS Expert
Pulse Connect Secure Certified Expert

View solution in original post

New Contributor

Re: MD5 no allowed in FIPS modes (Error:1216)

The customer was using a Macbook, and wasn't prompted whether she wanted to save the configuration settings when we uninstalled Pulse, otherwise we would've deleted them (based on my experience with other issues in Windows requiring such a solution).

 

We tried to actively search for any remaining Pulse files but couldn't find any. Since the customer found a viable workaround, I'm not able to verify if we missed the configuration file.

 

Thanks

Moderator

Re: MD5 no allowed in FIPS modes (Error:1216)

Thank you for the feedback.
PCS Expert
Pulse Connect Secure Certified Expert