Bug 59869 - Cannot connect Mac Agent when Domain environment requires FIPS crypto.
Summary: Cannot connect Mac Agent when Domain environment requires FIPS crypto.
Status: CONFIRMED
Alias: None
Product: Visual Studio Extensions
Classification: Xamarin
Component: XMA (show other bugs)
Version: 4.7.0 (15.4)
Hardware: PC Windows
: --- critical
Target Milestone: ---
Assignee: mag@xamarin.com
URL:
Depends on:
Blocks:
 
Reported: 2017-09-29 18:51 UTC by Bill Ward
Modified: 2017-10-02 15:20 UTC (History)
5 users (show)

See Also:
Tags:
Is this bug a regression?: ---
Last known good build:


Attachments

Description Bill Ward 2017-09-29 18:51:56 UTC
# Steps to reproduce
1. Set up the restrictive policy that our GPO requires:
  Open the registry editor and browse the following path. Make sure this registry subkey is set to 1: 
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\fipsalgorithmpolicy\Enabled
2.  Attempt to connect a Mac agent (not sure if a previously existing Agent connection will bypass the error?).
(before you ask, relaxing this policy is not possible without leaving the domain :-)

# Expected behavior
Successful connection, even in Manual Mode, to Mac Agent

# Actual behavior
Add Mac... Dialog gives the error "Couldn't retrieve SSH Fingerprint.  Please ensure the Mac is reachable and Remote Login is enabled".
(The Mac is reachable, and ssh from git/bash connects just as expected.  FIPS-related error message detailed in the log below:)

# Supplemental info (logs, images, videos)
Ide.log summary of a connection attempt:
Xamarin.VisualStudio.IOS.XamarinIOSPackage|Warning|0|Initializing Xamarin.VisualStudio.IOS.XamarinIOSPackage.
Xamarin.VisualStudio.Remote.RemoteServer|Error|0|Could not retrieve fingerprint.
System.OperationCanceledException: Could not retrieve fingerprint. ---> System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
   at System.Security.Cryptography.MD5CryptoServiceProvider..ctor()
   --- End of inner exception stack trace ---
   at Renci.SshNet.Session.WaitOnHandle(WaitHandle waitHandle, TimeSpan timeout)
   at Renci.SshNet.Session.WaitOnHandle(WaitHandle waitHandle)
   at Renci.SshNet.Session.Connect()
   at Renci.SshNet.BaseClient.Connect()
   at Xamarin.Messaging.Ssh.SshFingerprintRetriever.<>c__DisplayClass1_0.<RetrieveFingerprintAsync>b__1() in C:\d\lanes\5126\bd7e3753\source\xamarinvs\src\Messaging\Xamarin.Messaging.Ssh\SshFingerprintRetriever.cs:line 47
   --- End of inner exception stack trace ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Xamarin.Messaging.Ssh.SshFingerprintRetriever.<RetrieveFingerprintAsync>d__0.MoveNext() in C:\d\lanes\5126\bd7e3753\source\xamarinvs\src\Messaging\Xamarin.Messaging.Ssh\SshFingerprintRetriever.cs:line 24
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Xamarin.VisualStudio.Remote.FingerprintRetriever.<RetrieveFingerprintAsync>d__2.MoveNext() in C:\d\lanes\5126\bd7e3753\source\xamarinvs\src\Core\Xamarin.VisualStudio.Remote\FingerprintRetriever.cs:line 20
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Xamarin.VisualStudio.Remote.RemoteServer.<AskForCredentialsAsync>d__58.MoveNext() in C:\d\lanes\5126\bd7e3753\source\xamarinvs\src\Core\Xamarin.VisualStudio.Remote\RemoteServer.cs:line 280
Xamarin.VisualStudio.IOS.SettingsProvider|Information|0|Restarting IDB agent to refresh new Xcode location settings...

# Test environment (full version information)
Windows 10 x64 Enterprise
Microsoft Visual Studio Community 2017 
Version 15.3.5
VisualStudio.15.Release/15.3.5+26730.16
Microsoft .NET Framework
Version 4.7.02046

Installed Version: Community

Visual Basic 2017   00369-60000-00001-AA475
Microsoft Visual Basic 2017

Visual C# 2017   00369-60000-00001-AA475
Microsoft Visual C# 2017

Visual C++ 2017   00369-60000-00001-AA475
Microsoft Visual C++ 2017

Visual F# 4.1   00369-60000-00001-AA475
Microsoft Visual F# 4.1

Application Insights Tools for Visual Studio Package   8.8.00712.1
Application Insights Tools for Visual Studio

ASP.NET and Web Tools 2017   15.0.30726.0
ASP.NET and Web Tools 2017

ASP.NET Core Razor Language Services   1.0
Provides languages services for ASP.NET Core Razor.

ASP.NET Template Engine 2017   15.0.30726.0
ASP.NET Template Engine 2017

ASP.NET Web Frameworks and Tools 2017   5.2.50601.0
For additional information, visit https://www.asp.net/

Azure App Service Tools v3.0.0   15.0.30728.0
Azure App Service Tools v3.0.0

Common Azure Tools   1.10
Provides common services for use by Azure Mobile Services and Microsoft Azure Tools.

Cookiecutter   3.0.17240.1
Provides tools for finding, instantiating and customizing templates in cookiecutter format.

JavaScript Language Service   2.0
JavaScript Language Service

JavaScript Project System   2.0
JavaScript Project System

JavaScript UWP Project System   2.0
JavaScript UWP Project System

Merq   1.1.17-rc (cba4571)
Command Bus, Event Stream and Async Manager for Visual Studio extensions.

Microsoft Azure Tools   2.9
Microsoft Azure Tools for Microsoft Visual Studio 2017 - v2.9.50719.1

Microsoft Continuous Delivery Tools for Visual Studio   0.3
Simplifying the configuration of continuous build integration and continuous build delivery from within the Visual Studio IDE.

Microsoft JVM Debugger   1.0
Provides support for connecting the Visual Studio debugger to JDWP compatible Java Virtual Machines

Microsoft MI-Based Debugger   1.0
Provides support for connecting Visual Studio to MI compatible debuggers

Microsoft Visual C++ Wizards   1.0
Microsoft Visual C++ Wizards

Microsoft Visual Studio VC Package   1.0
Microsoft Visual Studio VC Package

Mono Debugging for Visual Studio   4.6.8-pre (ec7034f)
Support for debugging Mono processes with Visual Studio.

NuGet Package Manager   4.3.1
NuGet Package Manager in Visual Studio. For more information about NuGet, visit http://docs.nuget.org/.

Python   3.0.17240.1
Provides IntelliSense, projects, templates, debugging, interactive windows, and other support for Python developers.

Python - Django support   3.0.17240.1
Provides templates and integration for the Django web framework.

Python - IronPython support   3.0.17240.1
Provides templates and integration for IronPython-based projects.

Python - Profiling support   3.0.17240.1
Profiling support for Python projects.

SQL Server Data Tools   15.1.61707.200
Microsoft SQL Server Data Tools

TypeScript   2.3.4.0
TypeScript tools for Visual Studio

Visual C++ for Cross Platform Mobile Development (Android)   15.0.26724.01
Visual C++ for Cross Platform Mobile Development (Android)

Visual Studio Code Debug Adapter Host Package   1.0
Interop layer for hosting Visual Studio Code debug adapters in Visual Studio

Visual Studio tools for CMake   1.0
Visual Studio tools for CMake

Visual Studio Tools for Universal Windows Apps   15.0.26730.08
The Visual Studio Tools for Universal Windows apps allow you to build a single universal app experience that can reach every device running Windows 10: phone, tablet, PC, and more. It includes the Microsoft Windows 10 Software Development Kit.

Xamarin   4.7.9.45 (bd7e3753c)
Visual Studio extension to enable development for Xamarin.iOS and Xamarin.Android.

Xamarin.Android SDK   7.4.5.1 (fb018c5)
Xamarin.Android Reference Assemblies and MSBuild support.

Xamarin.iOS and Xamarin.Mac SDK   11.0.0.0 (152b654)
Xamarin.iOS and Xamarin.Mac Reference Assemblies and MSBuild support.

Mac Xamarin is 11.0.0.0; Xcode 8 recent download; MacOS Sierra 10.12.6
Comment 1 mag@xamarin.com 2017-10-02 15:20:03 UTC
Changing component to XMA

Note You need to log in before you can comment on or make changes to this bug.