Webengine or boplgin processes die repeatedly with unable to initialise encryption operation error
Article ID: 125279
Updated On:
Products
SUPPORT AUTOMATION- SERVER
CA Service Desk Manager - Unified Self Service
KNOWLEDGE TOOLS
CA Service Management - Asset Portfolio Management
CA Service Management - Service Desk Manager
Issue/Introduction
After SDM startup:
a) it takes a long time for the boplgin program to initialize and then it crashes
b) or an attempt to login to SDM crashes the webengine
Below errors are seen in the SDM stdlogs when this happens:
a) it takes a long time for the boplgin program to initialize and then it crashes
b) or an attempt to login to SDM crashes the webengine
Below errors are seen in the SDM stdlogs when this happens:
01/10 04:12:49.25 SDMHost web:local 6800 ERROR encrypt.cpp 520 etpki_lib_init return -1
01/10 04:12:49.26 SDMHost web:local 6800 ERROR encrypt.cpp 139 unable to initialise encryption operation
01/10 09:15:28.01 SDMHost boplgin 5932 ERROR encrypt.cpp 520 etpki_lib_init return -1
01/10 09:15:28.01 SDMHost boplgin 5932 ERROR encrypt.cpp 139 unable to initialise encryption operation
01/10 04:12:49.26 SDMHost web:local 6800 ERROR encrypt.cpp 139 unable to initialise encryption operation
01/10 09:15:28.01 SDMHost boplgin 5932 ERROR encrypt.cpp 520 etpki_lib_init return -1
01/10 09:15:28.01 SDMHost boplgin 5932 ERROR encrypt.cpp 139 unable to initialise encryption operation
Cause
To be FIPS compliant, CAPKI5 has a restriction to load the library libcaopenssl_crypto.dll at a specific memory address. This is restriction a from OpenSSL.
If a process (boplgin/webengine) obtains more than 250MB of heap memory before calling etpki_lib_init (a function in CAPKI5 that SDM needs to initialize CAPKI5), the call will fail and so the program crashes.
If a process (boplgin/webengine) obtains more than 250MB of heap memory before calling etpki_lib_init (a function in CAPKI5 that SDM needs to initialize CAPKI5), the call will fail and so the program crashes.
Environment
Release:
Component: USRD
Component: USRD
Resolution
A solution for this is available as a testfix (defect DE44381/DE49723 for SDM 17.1 release).
Raise a case with CA Support to obtain appropriate solution for the release/platform of SDM 17.1 that is in use.
Additional Information
NOTE: Make sure CAPKI5 is installed properly first. If CAPKI5 is not installed properly then, the above solution will not make any difference. Here is an article on the same: https://comm.support.ca.com/kb/service-desk-configuration-fails-with-the-following-error-pdmsql-4468-error-encryptcpp-136-unable-to-initialise-encryption-operation/KB000041327
Feedback
Yes
No
Powered by
