Restarting the agent after enabling FIPS mode

If you use the ADM group policy template, which does not perform validation checks, or if you manually enable FIPS mode by setting the fips.mode.enable parameter in the agent configuration file, the adclient process will not start if the domain functional level is below Windows Server 2008.

If you attempt to start adclient and the domain functional level is below Windows Server 2008, you will see the following error message:

Cannot start adclient in FIPS Mode as machine is joined to domain with Pre‑Windows 2008 Domain Functional Level!

To restart the agent, you must disable FIPS mode by setting the fips.mode.enable parameter to false or the “Use FIPS compliant algorithms for encryption, hashing and signing” group policy to Not configured. After disabling FIPS mode, you can continue working at your current domain functional level in non-FIPS mode by restarting the agent:

/usr/share/centrifydc/centrifydc restart

If you want to enable FIPS mode, leave the current domain, update your domain functional level, then join a Windows Server 2008, or later, domain.