Discussion on /dev/urandom
search cancel

Discussion on /dev/urandom

book

Article ID: 50712

calendar_today

Updated On:

Products

Compress Data Compression for MVS Compress Data Compression for Fujitsu Datacom DATACOM - AD Mainframe Software Manager (Chorus Software Manager) MICS Resource Management CIS COMMON SERVICES FOR Z/OS 90S SERVICES DATABASE MANAGEMENT SOLUTIONS FOR DB2 FOR Z/OS COMMON PRODUCT SERVICES COMPONENT Common Services CA ECOMETER SERVER COMPONENT FOC Easytrieve Report Generator for Common Services INFOCAI MAINTENANCE IPC UNICENTER JCLCHECK COMMON COMPONENT Mainframe VM Product Manager CHORUS SOFTWARE MANAGER CA ON DEMAND PORTAL CA Service Desk Manager - Unified Self Service PAM CLIENT FOR LINUX ON MAINFRAME MAINFRAME CONNECTOR FOR LINUX ON MAINFRAME GRAPHICAL MANAGEMENT INTERFACE WEB ADMINISTRATOR FOR TOP SECRET Xpertware

Issue/Introduction

Description:

CA MSM can sometimes issue a warning about being able to set a random file and / or closing it. This article explains the process.

Solution:

The Tomcat JAVA Application server tries to set a random numbered file to use in order to track its user sessions. If one is successfully created the MSM application will use it. The creation of this file is performed in the base Tomcat application regardless of the Operating System platform. If this file cannot be set the CA MSM application will use it's own logic to track user sessions.

On a z/OS system the successful creation of the random file is dependant upon whether or not the site has an ICSF (Intergrated Cryptographic Services Facility) processor attached and enabled. If one is not enabled the CA MSM application will issue the following message and continue to initialize:

August 05, 2010, 4:56:37 p.m. org.apache.catalina.session.ManagerBase setRandomFile
WARNING: Failed to close randomIS.

However, if an ICSF processor is enabled it requires the CSF address space to be completely initialized.

If the MSMTC (Tomcat Application Server) task is started prior to the CSF being initialized the CA MSM application will fail, and will not be retried. A recycle of the MSMTC started task will be required to recover.

It is recommended that if you have an ICSF processor attached to your LPAR that you use your system automation software to add the CSF started task as a prerequisite to the start of the MSMTC started task.

The recommended message to key on to signal the successful initialization of the CSF address space is:
CSFM400I CRYPTOGRAPHY - SERVICES ARE NOW AVAILABLE.

This message signals that ICSF services are available and a cypher key has been loaded.

For more information please refer to the IBM manual:
z/OS Cryptographic Services PKI Services Guide and Reference SA22-7693-12

Environment

Release:
Component: MSM
Powered by Wolken Software