Discussion on /dev/urandom

book

Article ID: 50712

calendar_today

Updated On:

Products

CA Compress Data Compression for MVS CA Compress Data Compression for Fujitsu CA Datacom CA DATACOM - AD CA Mainframe Software Manager (Chorus Software Manager) CA MICS Resource Management CA CIS CA Common Services for z/OS CA 90s Services CA Database Management Solutions for DB2 for z/OS CA Common Product Services Component CA Common Services CA ecoMeter Server Component FOC CA Easytrieve Report Generator for Common Services CA Infocai Maintenance CA IPC Unicenter CA-JCLCheck Common Component CA Mainframe VM Product Manager CA Chorus Software Manager CA On Demand Portal CA Service Desk Manager - Unified Self Service CA PAM Client for Linux for zSeries CA Mainframe Connector for Linux on System z CA Graphical Management Interface CA Web Administrator for Top Secret CA CA- Xpertware CA Datacom/AD

Issue/Introduction

Description:

CA MSM can sometimes issue a warning about being able to set a random file and / or closing it. This article explains the process.

Solution:

The Tomcat JAVA Application server tries to set a random numbered file to use in order to track its user sessions. If one is successfully created the MSM application will use it. The creation of this file is performed in the base Tomcat application regardless of the Operating System platform. If this file cannot be set the CA MSM application will use it's own logic to track user sessions.

On a z/OS system the successful creation of the random file is dependant upon whether or not the site has an ICSF (Intergrated Cryptographic Services Facility) processor attached and enabled. If one is not enabled the CA MSM application will issue the following message and continue to initialize:

August 05, 2010, 4:56:37 p.m. org.apache.catalina.session.ManagerBase setRandomFile
WARNING: Failed to close randomIS.

However, if an ICSF processor is enabled it requires the CSF address space to be completely initialized.

If the MSMTC (Tomcat Application Server) task is started prior to the CSF being initialized the CA MSM application will fail, and will not be retried. A recycle of the MSMTC started task will be required to recover.

It is recommended that if you have an ICSF processor attached to your LPAR that you use your system automation software to add the CSF started task as a prerequisite to the start of the MSMTC started task.

The recommended message to key on to signal the successful initialization of the CSF address space is:
CSFM400I CRYPTOGRAPHY - SERVICES ARE NOW AVAILABLE.

This message signals that ICSF services are available and a cypher key has been loaded.

For more information please refer to the IBM manual:
z/OS Cryptographic Services PKI Services Guide and Reference SA22-7693-12

Environment

Release:
Component: MSM