Details
-
Bug
-
Status: In Progress (View Workflow)
-
Major
-
Resolution: Unresolved
-
slave node is Windows 10 64bit, HP Application Automation Tools 5.1,
Description
We are required to have FIPS enabled on our Windows slave workstations using UFT 12.5. When FIPS is turned on, I get the error below. When FIPS is turned off, the build runs properly.
Started by user xxxxxxxx
Building remotely on xxxxxxxxxVM in workspace C:\temp\workspace\xxxxxxxxxM
[WS-CLEANUP] Deleting project workspace...
[WS-CLEANUP] Done
[SATX10W17VM] $ C:\temp\workspace\xxxxxxVM\HpToolsLauncher.exe -paramfile props27022017151030223.txt
"Started..."
Timeout is set to: 99999
Run mode is set to: RUN_LOCAL
Unhandled Exception: System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
at System.Security.Cryptography.RijndaelManaged..ctor()
at HpToolsLauncher.Launcher.Decrypt(String textToDecrypt, String key)
at HpToolsLauncher.Launcher.CreateRunner(TestStorageType runType, JavaProperties ciParams)
at HpToolsLauncher.Launcher.Run()
at HpToolsLauncher.Program.Main(String[] args)
Recording test results
None of the test reports contained any result
RunResultRecorder: didn't find any test results to record
Finished: SUCCESS
Attachments
Activity
Ben
added a comment - Thank you Dorin, that definitely got me past this hump.
Is this configuration file documented somewhere?
Our QC/ALM server requires a client certificate, I knew I would eventually have to deal with this I just couldn't get that far until now.
I am hoping I can specify one in that config file because I don't see anywhere to specify one in the plugin configuration in Jenkins.
Let me know any thoughts.
Thanks again!
Ben
Ben
added a comment - Thank you Dorin, that definitely got me past this hump.
Is this configuration file documented somewhere?
Our QC/ALM server requires a client certificate, I knew I would eventually have to deal with this I just couldn't get that far until now.
I am hoping I can specify one in that config file because I don't see anywhere to specify one in the plugin configuration in Jenkins.
Let me know any thoughts.
Thanks again!
Ben 
Dorin Bogdan
added a comment - Hi ben732 ,
This file is mainly the C# app.config file and applies strictly to HpToolsLauncher.exe.
You can customize it as long as you follow the .Net xml schema:
https://learn.microsoft.com/en-us/dotnet/framework/configure-apps/file-schema/
Since this workaround is meant to be temporary (and discovered today), we have no official documentation. I just added one element:
About client certificate please check this suggestion:
https://eyeontesting.com/answers/how-to-connect-jenkins-to-https-alm/
Best regards,
Dorin.
Dorin Bogdan
added a comment - Hi ben732 ,
This file is mainly the C# app.config file and applies strictly to HpToolsLauncher.exe.
You can customize it as long as you follow the .Net xml schema:
https://learn.microsoft.com/en-us/dotnet/framework/configure-apps/file-schema/
Since this workaround is meant to be temporary (and discovered today), we have no official documentation. I just added one element:
https://learn.microsoft.com/en-us/dotnet/framework/configure-apps/file-schema/runtime/enforcefipspolicy-element
About client certificate please check this suggestion:
https://eyeontesting.com/answers/how-to-connect-jenkins-to-https-alm/
Best regards,
Dorin. Ben
added a comment - Thank you for the info, I completed the steps in that link but that did not help, still the same error.
That link discusses adding the ALM server certificate to the trust store of the JVM running Jenkins, so it would trust the ALM server.
I think this situation is the other way around - the ALM sever is requiring a client certificate (which would require the JVM running Jenkins to provide one during the SSL handshake).
I have taken steps to configure this, but it still does not help.
I do not believe in this situation it is any Jenkins process (thereby the JVM it is running in) making the HTTPS connection to the ALM server, I believe it is the HpToolsLauncher.exe process, in conjunction with the 'ALM Connectivity Tool' (TDConnect.exe) that is attempting the HTTPS connection.
Therefore, I need some way to tell this process to us a client certificate.
I was hoping for such configuration in the app.config file but I can't find anything in the documentation you shared that looks promising.
Here s a snip of the job output (with the workspace path & ALM server redacted), for reference:
[QC_Test] $ <redacted>\HpToolsLauncher.exe -paramfile props17112022133503543.txt -encoding UTF-8
"Started..."
Timeout is set to: -1
Run mode is set to: RUN_PLANNED_HOST
Error of client certificate
Error: ALM server https://<redacted>/qcbin/ unreachable, check that server Url is correct
ALM Test set runner not connected
Build step 'Execute Micro Focus functional tests from Micro Focus ALM' changed build result to FAILURE
Finished: FAILURE
I am off for the next week but can troubleshoot further when I get back.
Thanks again for all of your help!
Ben
Ben
added a comment - Thank you for the info, I completed the steps in that link but that did not help, still the same error.
That link discusses adding the ALM server certificate to the trust store of the JVM running Jenkins, so it would trust the ALM server.
I think this situation is the other way around - the ALM sever is requiring a client certificate (which would require the JVM running Jenkins to provide one during the SSL handshake).
I have taken steps to configure this, but it still does not help.
I do not believe in this situation it is any Jenkins process (thereby the JVM it is running in) making the HTTPS connection to the ALM server, I believe it is the HpToolsLauncher.exe process, in conjunction with the 'ALM Connectivity Tool' (TDConnect.exe) that is attempting the HTTPS connection.
Therefore, I need some way to tell this process to us a client certificate.
I was hoping for such configuration in the app.config file but I can't find anything in the documentation you shared that looks promising.
Here s a snip of the job output (with the workspace path & ALM server redacted), for reference:
[QC_Test] $ <redacted>\HpToolsLauncher.exe -paramfile props17112022133503543.txt -encoding UTF-8
"Started..."
Timeout is set to: -1
Run mode is set to: RUN_PLANNED_HOST
Error of client certificate
Error: ALM server https://<redacted>/qcbin/ unreachable, check that server Url is correct
ALM Test set runner not connected
Build step 'Execute Micro Focus functional tests from Micro Focus ALM' changed build result to FAILURE
Finished: FAILURE
I am off for the next week but can troubleshoot further when I get back.
Thanks again for all of your help!
Ben Dorin Bogdan
added a comment - Hi ben732 ,
I think the ALM certificate error is rather an IT related issue, and not necessarily a DEV one.
Either way, the standard procedure requires the customers to call for / open a support ticket here:
https://www.microfocus.com/en-us/contact-support/stackb
Please provide there a short summary (linked to JENKINS-42356) and ask for a high priority online session, and the support team will help you as soon as possible.
Thank you for understanding,
Dorin.
Dorin Bogdan
added a comment - Hi ben732 ,
I think the ALM certificate error is rather an IT related issue, and not necessarily a DEV one.
Either way, the standard procedure requires the customers to call for / open a support ticket here:
https://www.microfocus.com/en-us/contact-support/stackb
Please provide there a short summary (linked to JENKINS-42356 ) and ask for a high priority online session, and the support team will help you as soon as possible.
Thank you for understanding,
Dorin. 
Hi ben732 ,
Until we implement a permanent solution, please try the following workaround:
Get the attached HpToolsLauncher.exe.config
and copy it into the job's workspace folder ...Jenkins\workspace\your_job_name (created on first job build).
For example I have something like this:
C:\Jenkins\workspace\UFT_ALM_Job
This is the same path where HpToolsLauncher.exe.config
is placed by Jenkins at runtime, for each job.
If you are not sure where this path is located, you can find it in Console Output of your build:
Then please let us know the result.
Best regards,
Dorin.