When adding an ITCM Domain Manager to an Enterprise Manager, you receive the following error:
Domain is not allowed to be linked to Enterprise because of incompatible FIPS modes [CMG000053]
Client Automation (ITCM) -- any version
There are two FIPS operating modes for ITCM:
- FIPS-preferred (out of the box default)
The error message is indicating one of the ITCM managers is running FIPS-preferred, while the other is FIPS-only, hence this needs to be rectified before linking the DM to the EM.
You need to verify the FIPS settings on both the Enterprise and Domain Manager, Default Configuration Policy:
DSM Explorer --> Control Panel --> Configuration --> Configuration Policy --> Default Computer Policy --> DSM --> Common Components --> Security --> FIPS 140 Settings
Both managers must have matching settings.
If you are unsure, unseal the policy and apply the default, out of the box settings:
Change action: Switch FIPS mode on next restart of ITCM
FIPS 140 Setting: FIPS 140 approved security functions are preferred
Once the Default Computer Policy is resealed, you will need to wait for the policy to apply to all registered agents, including the agent representing the Domain Manager (or Enterprise). Only after the Manager's configuration policy is updated/refreshed with the changes, will you be able to recycle CAF, and repeat the process to link the managers.