Error: "unable to obtain OS random data" intermittent in Policy Server


Article ID: 54611


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On SITEMINDER



SiteMinder Policy Server can read from and write to /dev/random, but after some time it throws the error "Unable to obtain OS random data".

The problem is intermittent: /dev/random supplies random data most of the time.

After this error, the Policy Server restarts by itself.




The SiteMinder Policy Server log shows that the problem occurs because the Policy Server is running out of file descriptors.

[19481/4136519360][Wed Aug 27 2008 14:12:32][CServer.cpp:3594][INFO] Available file descriptors: 1024
[19481/3996515248][Fri Aug 29 2008 11:29:46][CCrypto.cpp:482][ERROR] Unable to obtain OS random data
[19481/3996515248][Fri Aug 29 2008 11:29:46][SmObjStore.cpp:393][ERROR] Unable to initialize random number subsystem
[19481/4094221232][Fri Aug 29 2008 11:30:23][CServer.cpp:2454][ERROR] Failed to accept client connection on TCP server socket. Socket error 24
[19481/4094221232][Fri Aug 29 2008 11:30:23][CServer.cpp:2457][INFO] The encountered condition indicates a possible misconfiguration.  Shutting down the policy server

Because the Policy Server cannot get a file descriptor, it cannot obtain random data, and it restarts by itself.


When the issue is persistent, it is caused by a wrong configuration in the OS. Other KB articles explain this situation (1). The documentation covers the entropy and file descriptor settings for Linux (2).




Increasing the number of file descriptors to 4096 or higher resolves the problem.
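
A log triage for the pattern shown in the log excerpt, as an added example that is not part of the original article or of the product: it groups records by Policy Server PID and flags a process that logged fewer than 4096 available file descriptors together with the random-data or socket error 24 failures. The function names and verdict labels are assumptions of this example, and the sample input is the log excerpt quoted in this article.

```shell
#!/bin/sh
# Added example (not CA/Broadcom code). Function names and verdict labels are
# assumptions. Socket error 24 is EMFILE ("Too many open files") on Linux.

# Constructed sample input: the log excerpt quoted in this article.
sample_log() {
cat <<'EOF'
[19481/4136519360][Wed Aug 27 2008 14:12:32][CServer.cpp:3594][INFO] Available file descriptors: 1024
[19481/3996515248][Fri Aug 29 2008 11:29:46][CCrypto.cpp:482][ERROR] Unable to obtain OS random data
[19481/3996515248][Fri Aug 29 2008 11:29:46][SmObjStore.cpp:393][ERROR] Unable to initialize random number subsystem
[19481/4094221232][Fri Aug 29 2008 11:30:23][CServer.cpp:2454][ERROR] Failed to accept client connection on TCP server socket. Socket error 24
[19481/4094221232][Fri Aug 29 2008 11:30:23][CServer.cpp:2457][INFO] The encountered condition indicates a possible misconfiguration.  Shutting down the policy server
EOF
}

# triage_fd_exhaustion [min_fds]: reads a Policy Server log on stdin and prints
# one summary line per PID (the number before "/" in the first bracket).
triage_fd_exhaustion() {
    awk -v min="${1:-4096}" '
    {
        if (!match($0, /^\[[0-9]+\//)) next      # not a log record
        pid = substr($0, 2, RLENGTH - 2)
        seen[pid] = 1
    }
    /Available file descriptors: [0-9]+/ {
        n = $0
        sub(/.*Available file descriptors: /, "", n)
        fds[pid] = n + 0                          # count the server logged
    }
    /Unable to obtain OS random data/ { rnd[pid]++ }
    /Socket error 24/                 { emfile[pid]++ }
    END {
        for (p in seen) {
            errs = rnd[p] + emfile[p]
            low = ((p in fds) && fds[p] < min)
            if (errs > 0 && low) v = "fd-exhaustion-likely"
            else if (errs > 0)   v = "errors-check-limits"
            else if (low)        v = "limit-below-minimum"
            else                 v = "ok"
            printf "pid=%s fds=%s random_errors=%d emfile_errors=%d verdict=%s\n",
                p, ((p in fds) ? fds[p] : "unknown"), rnd[p], emfile[p], v
        }
    }'
}

sample_log | triage_fd_exhaustion
```

To run it against a real log, pipe the file into `triage_fd_exhaustion`; an optional argument overrides the 4096 minimum.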


Additional Information



    (1) Error: Failed to accept client - Socket error 24 in Policy Server


    (2) Prepare for the Policy Server Installation