Power BI fails with “Windows Platform FIPS validated cryptographic algorithms” error due to FIPS Algorithm Policy


Loading a Power BI report fails with error “This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.”

UPDATE (Mar. 13, 2017) – We encountered this issue again with the latest March Power BI Desktop update when using .xls files as a data source. One potential workaround is to open your .xls file, save it as an .xlsx file, and then use that as the data source in Power BI Desktop. I have sent the stack trace and isolation notes to the product group and will update the blog entry with their decision. Special thanks to Andres Grullon for isolating the issue on this scenario!

UPDATE (Nov. 1, 2016) – The Power BI Desktop product team has accepted and fixed the bug. The fix will be part of an upcoming Power BI Desktop release.

UPDATE (Nov. 29, 2016) – The bug has been fixed and included in the November Power BI Desktop release. If you encounter issues related to this bug, please leave a comment below.

While testing application compatibility on Windows 10, my customer encountered an issue when opening a Power BI report in Power BI Desktop with an error stating “This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms”.

ThisImplementationIsNotPartOfTheWindowsPlatformFIPSValidatedCryptographicAlgorithms

In another customer environment running both Windows 7 and Windows 10, we recently hit an issue where we were able to open Power BI Desktop and connect to data sources, but when attempting to add a visual, the visual outline would be displayed, but the data would not be displayed.

NoVisualDisplayed

We believe that we’ve identified the root cause for both issues to be a security hardening requirement added as part of the Windows 10 Security Technical Implementation Guideline. For additional details, see the following link:

https://www.stigviewer.com/stig/windows_10/2016-06-24/finding/V-63811

In order to work around this issue, the FIPS compliant algorithms setting must be disabled by one of the following techniques. NOTE: This will disable FIPS. Do not do this if it is required per your environmental security requirements.

  1. Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing” to “Disabled”.
  2. Set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\ registry key to 0.

I am working with the Power BI Desktop team for a potential update/workaround and will update this blog entry as progress is made.

Thanks,
Sam Lester (MSFT)

 

Comments (3)

  1. Thanks for this post! I found there’s a third way to workaround the FIPS configuration by modifying the configuration file for Power BI and that only affects the behavior of Power BI Desktop, not the entire system. I just updated my blog post on this: https://blogs.technet.microsoft.com/justmeetingsnoactualwork/2016/10/25/power-bi-and-fips-do-not-play-well-together/ to describe the solution I found in the Power BI User Forums.

  2. Manfred Knorr says:

    I did a search on my PC for “Local Policies” and “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\ registry key”. It found neither. Any hint on where this is supposed to be?

    1. Hi Manfred, are you sure that you have FIPS enabled? The registry key gets set when FIPS is enabled (through GPO or manually). Are you hitting the FIPS error message in Power BI?

Skip to main content