FortiGate
duenlim
Staff
Article Id 213243
Description

This article describes why firewall system event logs may show 'FIPS CC decryption failed'.

Scope

FortiOS, FIPS-CC mode.

Solution

Example log:

date=2022-05-27 time=14:50:49 eventtime=1653634249153306404 tz="+0800" logid="0102038011" type="event" subtype="user" level="alert" vd="root" logdesc="FIPS CC decryption failed" user="admin" ui="GUI(192.168.244.47)" action="decryption" status="failed" msg="EVP decryption failed"

The event indicates that FortiGate was unable to decrypt and read a locally stored credential; the msg field (msg="EVP decryption failed") is the underlying crypto library's decryption routine reporting the failure. It can have multiple causes, including the following:

  • A GUI bug in older firmware versions that is triggered when an administrator changes a local user's password by appending characters to the existing password instead of entering a new one.
  • A misconfigured Kerberos keytab that FortiGate cannot decrypt.

If the cause is known and expected (for example, one of the cases above), the log entry itself is benign and needs no further action. Otherwise, the user and ui fields of the log identify the administrator account and the source address of the session that performed the failed operation, which is the starting point for troubleshooting.
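To triage this event at scale (for example in a SIEM feed), the following added example parses FortiOS key=value event logs, matches the 'FIPS CC decryption failed' alert by logid or logdesc, and counts occurrences per VDOM, administrator and source UI so that repeated failures from one session stand out. This is example code written for this article, not FortiOS or Fortinet code; the first sample line is the log entry shown above, and the other two sample lines (including the logid "0000000000" on the unrelated event) are constructed for the demonstration.

```python
import re
from collections import Counter

# Constructed sample input: the first line is the log entry quoted in the
# article; the second and third are made up to exercise the filter (the
# logid on the third line is a placeholder, not a real FortiOS logid).
SAMPLE_LOGS = [
    'date=2022-05-27 time=14:50:49 eventtime=1653634249153306404 tz="+0800" logid="0102038011" type="event" subtype="user" level="alert" vd="root" logdesc="FIPS CC decryption failed" user="admin" ui="GUI(192.168.244.47)" action="decryption" status="failed" msg="EVP decryption failed"',
    # constructed: a second failure from the same admin session
    'date=2022-05-27 time=15:02:11 eventtime=1653634931000000000 tz="+0800" logid="0102038011" type="event" subtype="user" level="alert" vd="root" logdesc="FIPS CC decryption failed" user="admin" ui="GUI(192.168.244.47)" action="decryption" status="failed" msg="EVP decryption failed"',
    # constructed: an unrelated event that must not match
    'date=2022-05-27 time=15:03:00 eventtime=1653634980000000000 tz="+0800" logid="0000000000" type="event" subtype="system" level="information" vd="root" logdesc="Constructed unrelated event" user="admin" ui="GUI(192.168.244.47)" action="none" status="success" msg="constructed sample"',
]

# FortiOS event logs are space-separated key=value pairs; values containing
# spaces or parentheses are double-quoted. The pattern accepts both forms.
_KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

FIPS_DECRYPT_FAILED_LOGID = "0102038011"   # logid taken from the article's example
FIPS_DECRYPT_FAILED_DESC = "FIPS CC decryption failed"


def parse_fortios_log(line):
    """Return the key=value fields of one FortiOS log line as a dict,
    with surrounding double quotes stripped from quoted values."""
    fields = {}
    for key, value in _KV.findall(line):
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]
        fields[key] = value
    return fields


def is_fips_decryption_failure(event):
    """True if a parsed event is the 'FIPS CC decryption failed' alert.
    Matching on either field tolerates feeds that drop or rewrite logid."""
    return (event.get("logid") == FIPS_DECRYPT_FAILED_LOGID
            or event.get("logdesc") == FIPS_DECRYPT_FAILED_DESC)


def summarize_failures(lines):
    """Count matching events per (vd, user, ui).
    Returns a dict mapping that tuple to the number of occurrences."""
    counts = Counter()
    for line in lines:
        ev = parse_fortios_log(line)
        if is_fips_decryption_failure(ev):
            counts[(ev.get("vd"), ev.get("user"), ev.get("ui"))] += 1
    return dict(counts)


if __name__ == "__main__":
    for (vd, user, ui), n in summarize_failures(SAMPLE_LOGS).items():
        print(f"vdom={vd} user={user} source={ui} occurrences={n}")
```

Feeding the three sample lines through summarize_failures yields a single key ("root", "admin", "GUI(192.168.244.47)") with a count of 2; the constructed unrelated event is ignored. In a real deployment, replace SAMPLE_LOGS with lines read from the syslog or FortiAnalyzer export, and alert on sources whose count keeps growing after the known causes above have been ruled out.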

 

Related articles:

Technical Tip: How to enforce Kerberos keytab with AES256-SHA1 as the used encryption method with Ex...

Technical Tip: Getting Started with FIPS-CC enabled