davidenco 1 Posted May 11, 2018 Share Posted May 11, 2018 I am running Exchange 2013 CU20 with EMSX 6.5.10055.0. Since 10:09 today, Windows Event Log has been recording weird events and the Greylisting log in EMSX has not changed, so I suspect Greylisting is no longer working. It looks like every time an email comes in and triggers Greylisting, the entry appears in Windows Event Log, so I am not sure what is happening to those emails either. Potentially emails are being lost here. The log entry is as follows: XmonSmtpAgent: Failed to create greylisting engine. System.TypeInitializationException: The type initializer for 'XmonAgent.XmonGreylistingEngine' threw an exception. ---> System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms. at System.Security.Cryptography.SHA256Managed..ctor() at XmonAgent.XmonGreylistingEngine..cctor() --- End of inner exception stack trace --- at XmonAgent.XmonGreylistingEngine.GreylistingStatistics.Reset() at XmonAgent.XmonGreylistingEngine..ctor(UInt32 nDataHashMapSize, UInt32 nDataHashMapItemListSize) at XmonAgent.XmonSmtpAgentFactory.CreateAgent(SmtpServer server) I have tried disabling transport protection, Greylisting and each of the modules in EMSX and re-enabling one-by-one but to no avail. The server has also been rebooted, but again no difference. A support ticket has been logged with technical support but so far nothing, so I thought I'd post here. Any help would be greatly appreciated. Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 1,130 Posted May 15, 2018 ESET Moderators Share Posted May 15, 2018 Hello @davidenco , can you please open a ticket with your local support and provide them with a ESET log collector output to check? As it seems you are able to reproduce the issue easily can you please set the logging verbosity to diagnostics, reproduce the issue and collect the logs than so they will contain more detailed data? Please do not forget to revert the logging verbosity setting back, once the log collection is done. Regards, P.R. Link to comment Share on other sites More sharing options...
davidenco 1 Posted May 15, 2018 Author Share Posted May 15, 2018 I have done some digging and found that the message “This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms” is related to a local security option which was enabled on the server; something that is usually disabled by default. By disabling the option and rebooting, Greylisting just started working by itself and therefore the issue is now resolved. The option is found in: Administrative Tools > Local Security Policy > Local Policies > Security Options > "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing." Not sure why enabling this option should cause Greylisting to fail though? Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 1,130 Posted May 16, 2018 ESET Moderators Share Posted May 16, 2018 Hello @davidenco great detective skills ;-), thank you for sharing your findings. We will look into it here. Thank you, P.R. Link to comment Share on other sites More sharing options...
Recommended Posts