Intermittent error "unable to obtain OS random data" in SiteMinder Policy Server log.

Document ID : KB000054611
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

SiteMinder Policy Server is able to read/write on /dev/random, but after some time it will throw the error "Unable to obtain OS random data".

Please note that this is an intermittent problem and /dev/random is supplying randomization data most of the time.

Also after this error the policy Server restarts by itself.

Solution:

SiteMinder Policy Server log shows that this problem is because SiteMinder Policy Server is running out of file descriptors:

<- Begin [19481/4136519360][Wed Aug 27 2008 14:12:32][CServer.cpp:3594][INFO] Available file descriptors: 1024 ... [19481/3996515248][Fri Aug 29 2008 11:29:46][CCrypto.cpp:482][ERROR] Unable to obtain OS random data [19481/3996515248][Fri Aug 29 2008 11:29:46][SmObjStore.cpp:393][ERROR] Unable to initialize random number subsystem ... [19481/4094221232][Fri Aug 29 2008 11:30:23][CServer.cpp:2454][ERROR] Failed to accept client connection on TCP server socket. Socket error 24 ... [19481/4094221232][Fri Aug 29 2008 11:30:23][CServer.cpp:2457][INFO] The encountered condition indicates a possible misconfiguration.  Shutting down the policy server...  -> End

Since SiteMinder is not able to get a file descriptor therefore it will not able to obtain randomization data and the Policy Server will be restarted by itself.

Increasing the number of file descriptors to 4096 must resolve the problem.

Notes:

  • When the issue is persistent is because of a bad configuration in the OS. There are others KB articles explaining this situation.
  • For more reference please check SiteMinder Policy Server 6 SP3 Release Notes - 2.2 Entropy Enhancement.