Discussion on /dev/urandom

Document ID : KB000050712
Last Modified Date : 14/02/2018

Description:

CA MSM can sometimes issue a warning about being unable to set a random file and/or close it. This article explains the process.

Solution:

The Tomcat Java application server tries to set a random numbered file to use in order to track its user sessions. If one is successfully created, the MSM application will use it. The creation of this file is performed in the base Tomcat application regardless of the operating system platform. If this file cannot be set, the CA MSM application will use its own logic to track user sessions.

On a z/OS system the successful creation of the random file is dependent upon whether or not the site has an ICSF (Integrated Cryptographic Services Facility) processor attached and enabled. If one is not enabled, the CA MSM application will issue the following message and continue to initialize:

August 05, 2010, 4:56:37 p.m. org.apache.catalina.session.ManagerBase setRandomFile
WARNING: Failed to close randomIS.

However, if an ICSF processor is enabled, it requires the CSF address space to be completely initialized.

If the MSMTC (Tomcat Application Server) task is started before the CSF address space is initialized, the CA MSM application will fail, and will not be retried. A recycle of the MSMTC started task will be required to recover.

If you have an ICSF processor attached to your LPAR, it is recommended that you use your system automation software to make the CSF started task a prerequisite to the start of the MSMTC started task.

The recommended message to key on to signal the successful initialization of the CSF address space is:
CSFM400I CRYPTOGRAPHY - SERVICES ARE NOW AVAILABLE.

This message signals that ICSF services are available and a cypher key has been loaded.
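
The ordering rule above can also be checked after the fact against a log extract. The Python below is an added example, not CA or IBM code: it reports whether the most recent MSMTC start came before or after CSFM400I. The log line layout is constructed and simplified, IEF403I and IEF404I are the standard z/OS job started and ended messages, and the task names MSMTC and CSF are the ones used in this article.

```python
import re

# CSFM400I is the message named in the article. IEF403I / IEF404I are the
# standard z/OS "job started" / "job ended" messages. The line layout is an
# assumption: real SYSLOG records carry more prefix fields.
ICSF_READY = re.compile(r"\bCSFM400I\b")
JOB_EVENT = re.compile(r"\b(IEF403I|IEF404I)\s+(\S+)\s+-\s+(STARTED|ENDED)\b")


def check_start_order(lines, tomcat_task="MSMTC", icsf_task="CSF"):
    """Classify the most recent start of tomcat_task in a chronological log.

    Returns one of:
      "not-started"     no start of tomcat_task in the extract
      "ok"              CSFM400I was issued before the last start
      "recycle-needed"  the last start came first and CSFM400I followed it
      "icsf-not-seen"   no CSFM400I before or after the last start
                        (for example, a site with no ICSF enabled)
    """
    icsf_ready = False
    verdict = "not-started"
    for line in lines:
        if ICSF_READY.search(line):
            icsf_ready = True
            # Tomcat was already up when ICSF became available.
            if verdict == "icsf-not-seen":
                verdict = "recycle-needed"
            continue
        match = JOB_EVENT.search(line)
        if not match:
            continue
        _, job, event = match.groups()
        if job == icsf_task and event == "ENDED":
            icsf_ready = False  # ICSF went away; a later start needs a new CSFM400I
        elif job == tomcat_task and event == "STARTED":
            verdict = "ok" if icsf_ready else "icsf-not-seen"
    return verdict


# Constructed sample: MSMTC is started 39 seconds before ICSF is available.
BAD_ORDER = [
    "08:00:01 IEF403I MSMTC - STARTED - TIME=08.00.01",
    "08:00:05 IEF403I CSF - STARTED - TIME=08.00.05",
    "08:00:40 CSFM400I CRYPTOGRAPHY - SERVICES ARE NOW AVAILABLE.",
]
# Constructed sample: the recycle that the article says is required.
RECYCLE = [
    "08:05:00 IEF404I MSMTC - ENDED - TIME=08.05.00",
    "08:05:10 IEF403I MSMTC - STARTED - TIME=08.05.10",
]
```

A result of "recycle-needed" corresponds to the failure case described above; "icsf-not-seen" matches a system where ICSF is not enabled and only the Tomcat warning is expected.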

For more information please refer to the IBM manual:
z/OS Cryptographic Services PKI Services Guide and Reference SA22-7693-12