Error : Socket error 0 AdminUI frozen and handshake errors
search cancel

Error : Socket error 0 AdminUI frozen and handshake errors

book

Article ID: 107619

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

 

When running an AdminUI and once registered with XPSRegClient tool,
accessing it through the browser for the first time, after entering
superuser credentials and Policy Server hostname, the AdminUI seems to
be frozen showing a wheel but never ending. AdminUI is installed in a
different server than the Policy Server, but they are both in the same
subnet and running in RedHat OS.

The following errors can be seen in the smps.log file:

  [2783/140546697852672][Mon Jul 23 2018 11:40:43][CServer.cpp:2121][ERROR][sm-Tunnel-00010]
  Bad security handshake attempt. Handshake error: 3152
  
  [2783/140546697852672][Mon Jul 23 2018 11:40:43][CServer.cpp:2128][ERROR][sm-Tunnel-00030]
  Handshake error: Failed to receive client hello. Socket error 0
  
  [2783/140546697852672][Mon Jul 23 2018 11:40:43][CServer.cpp:2293][ERROR][sm-Server-01070]
  Failed handshake with 10.0.0.1:38428
  
  [2783/140544953022208][Mon Jul 23 2018 11:40:49][PolicyCache.cpp:1307][INFO][sm-Server-02880]
  Building policy cache ...
  
  [2783/140544953022208][Mon Jul 23 2018 11:40:49][PolicyCache.cpp:1406][INFO][sm-Server-02890]
  Building policy cache done
  
  [2783/140546672674560][Mon Jul 23 2018 11:40:53][CServer.cpp:2121][ERROR][sm-Tunnel-00010]
  Bad security handshake attempt. Handshake error: 3152
  
  [2783/140546672674560][Mon Jul 23 2018 11:40:53][CServer.cpp:2128][ERROR][sm-Tunnel-00030]
  Handshake error: Failed to receive client hello. Socket error 0
  
  [2783/140546672674560][Mon Jul 23 2018 11:40:53][CServer.cpp:2293][ERROR][sm-Server-01070]
  Failed handshake with 10.0.0.1:49034
  
  [2783/140546177734400][Mon Jul 23 2018 11:41:10][CServer.cpp:1874][INFO][sm-Server-01770]
  Closing accepted connection for session  # 3 connection idle too long before handshake .
  
  [2783/140546672674560][Mon Jul 23 2018 11:57:09][CServer.cpp:2121][ERROR][sm-Tunnel-00010]
  Bad security handshake attempt. Handshake error: 3156
  
  [2783/140546672674560][Mon Jul 23 2018 11:57:09][CServer.cpp:2136][ERROR][sm-Tunnel-00070]
  Handshake error: Failed to receive client ack. Socket error 0
  
  [2783/140546672674560][Mon Jul 23 2018 11:57:09][CServer.cpp:2293][ERROR][sm-Server-01070]
  Failed handshake with 10.0.0.1:53402
  
  [2783/140546177734400][Mon Jul 23 2018 11:57:55][CServer.cpp:1874][INFO][sm-Server-01770]
  Closing accepted connection for session  # 6 connection idle too long before handshake .
  
  [2783/140546672674560][Mon Jul 23 2018 12:02:40][CServer.cpp:2121][ERROR][sm-Tunnel-00010]
  Bad security handshake attempt. Handshake error: 3152
  
  [2783/140546672674560][Mon Jul 23 2018 12:02:40][CServer.cpp:2128][ERROR][sm-Tunnel-00030]
  Handshake error: Failed to receive client hello. Socket error 0
  
  [2783/140546672674560][Mon Jul 23 2018 12:02:40][CServer.cpp:2293][ERROR][sm-Server-01070]
  Failed handshake with 10.0.0.1:38448
  
  [2783/140546681067264][Mon Jul 23 2018 12:50:34][CServer.cpp:2121][ERROR][sm-Tunnel-00010]
  Bad security handshake attempt. Handshake error: 3156
  
  [2783/140546681067264][Mon Jul 23 2018 12:50:34][CServer.cpp:2136][ERROR][sm-Tunnel-00070]
  Handshake error: Failed to receive client ack. Socket error 0
  
  [2783/140546681067264][Mon Jul 23 2018 12:50:34][CServer.cpp:2293][ERROR][sm-Server-01070]
  Failed handshake with 10.0.0.1:53412
  
  [2783/140546177734400][Mon Jul 23 2018 12:51:30][CServer.cpp:1874][INFO][sm-Server-01770]
  Closing accepted connection for session  # 9 connection idle too long before handshake .
  
  [2783/140546177734400][Mon Jul 23 2018 12:54:00][CServer.cpp:1874][INFO][sm-Server-01770]
  Closing accepted connection for session  # 10 connection idle too long before handshake .
  
  [2783/140546177734400][Mon Jul 23 2018 13:04:00][CServer.cpp:1874][INFO][sm-Server-01770]
  Closing accepted connection for session  # 11 connection idle too long before handshake .
  
  [2783/140546177734400][Mon Jul 23 2018 13:06:20][CServer.cpp:1874][INFO][sm-Server-01770]
  Closing accepted connection for session  # 12 connection idle too long before handshake .
  
  [2783/140546177734400][Mon Jul 23 2018 13:08:05][CServer.cpp:1874][INFO][sm-Server-01770]
  Closing accepted connection for session  # 13 connection idle too long before handshake .

  [2783/140546177734400][Mon Jul 23 2018 13:16:40][CServer.cpp:1874][INFO][sm-Server-01770]
  Closing accepted connection for session  # 14 connection idle too long before handshake .
  
  [2783/140546689459968][Mon Jul 23 2018 13:26:15][CServer.cpp:2121][ERROR][sm-Tunnel-00010]
  Bad security handshake attempt. Handshake error: 3156
  
  [2783/140546689459968][Mon Jul 23 2018 13:26:15][CServer.cpp:2136][ERROR][sm-Tunnel-00070]
  Handshake error: Failed to receive client ack. Socket error 0
  
  [2783/140546689459968][Mon Jul 23 2018 13:26:15][CServer.cpp:2293][ERROR][sm-Server-01070]
  Failed handshake with 10.0.0.1:53442
  
  [2783/140546681067264][Mon Jul 23 2018 13:29:32][CServer.cpp:2121][ERROR][sm-Tunnel-00010]
  Bad security handshake attempt. Handshake error: 3159
  
  [2783/140546681067264][Mon Jul 23 2018 13:29:32][CServer.cpp:2126][ERROR][sm-Tunnel-00020]
  Handshake error: Failed to receive client hello. Client disconnected
  
  [2783/140546681067264][Mon Jul 23 2018 13:29:32][CServer.cpp:2293][ERROR][sm-Server-01070]
  Failed handshake with 10.0.0.1:53444

 

Environment

 

AdminUI R12.8 in RHEL7
Policy Server R12.8 in RHEL7

 

Resolution

 

These kind of errors can happen when the entropy on the OS is too low,
so you should first ensure that you have enough entropy on both
servers.

  - Check the following documentation for entropy settings for both
    components (1)(2);

  - Run the following command to know how many entropy there is at
    that moment:

    # cat /proc/sys/kernel/random/entropy_avail 

If it is too low, please, increase it following the information above.

Also, ensure the JCE patch is applied for the Java used by both the
Policy Server and the AdminUI JBoss (or has enabled the unlimited
cryptography settings as per the following KB (3).

 

Additional Information

 

(1)

    Increase Entropy
    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/installing/install-a-policy-server/install-policy-server-on-unix/prepare-for-the-policy-server-installation.html#PrepareforthePolicyServerInstallation-IncreaseEntropy
    

(2)

    Increase Entropy
    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/installing/install-the-administrative-ui/install-the-administrative-ui-on-linux-stand-alone.html

(3)

    How to apply the JCE patch in JDK1.8_151 or higher?
    https://knowledge.broadcom.com/external/article?articleId=16726

 

Powered by Wolken Software