Salesforce

AFX Connectors remain in a Deployed state and 'java.lang.SecurityException: Algorithm not allowable in FIPS140 mode: MD5' error in RSA Identity Governance & Lifecycle

Printable View
« Go Back
Header
AFX Connectors remain in a Deployed state and 'java.lang.SecurityException: Algorithm not allowable in FIPS140 mode: MD5' error in RSA Identity Governance & Lifecycle
AFX-Connectors-remain-in-a-Deployed-state-and-java-lang-SecurityException-Algorithm-not-allowable-in-FIPS140-mode-MD5-error-in-RSA-Identity-Governance-Lifecycle
AFX Connectors remain in a Deployed state and 'java.lang.SecurityException: Algorithm not allowable in FIPS140 mode: MD5' error in RSA Identity Governance & Lifecycle
Technically Approved
1,356.97
Article Content
 
RSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.2.0 P02
 
After updating Java JDK to version 1.8u241 (1.8.0.241) or later and upgrading RSA Identity Governance & Lifecycle to 7.2.0 P02, the AFX Server goes into a Running state (AFX > Servers) but all the AFX Connectors stay stuck in a Deployed state (AFX > Connectors) and do not progress to a Running state. For example, 
 
User-added image

The $AFX_HOME/mmc-console/logs/mmc-console-app.log file reports the following error:
  
java.lang.SecurityException: Algorithm not allowable in FIPS140 mode: MD5


The $AFX_HOME/esb/logs/esb.AFX-MAIN.log file has the following errors: 
 
2020-05-27 02:16:21.880 [WARN] com.aveksa.afx.server.manager.MMCRequestManagerImpl:186 - Connection request retry attempt #1 of 2
2020-05-27 02:16:21.919 [WARN] com.aveksa.afx.server.manager.MMCRequestManagerImpl:182 - Unable get/setup the flow list from the MMC request
2020-05-27 02:16:21.919 [WARN] com.aveksa.afx.server.manager.MMCRequestManagerImpl:183 - Retrying MMC connection and flow list setup...
2020-05-27 02:16:31.919 [WARN] com.aveksa.afx.server.manager.MMCRequestManagerImpl:186 - Connection request retry attempt #2 of 2
2020-05-27 02:16:31.960 [WARN] com.aveksa.afx.server.manager.MMCRequestManagerImpl:188 - Unable get/setup the flow list from the MMC request
2020-05-27 02:16:31.961 [ERROR] com.aveksa.afx.server.manager.MMCRequestManagerImpl:189 - Flow list setup try count exceeded
2020-05-27 02:16:31.961 [ERROR] com.aveksa.afx.server.manager.MMCRequestManagerImpl:190 - Please verify that the MMC console is running and Host & Port in the URL are correct.
2020-05-27 02:16:31.962 [ERROR] com.aveksa.afx.server.manager.MMCRequestManagerImpl:136 - Unable to get status for all Connectors from MMC
com.aveksa.afx.server.manager.MMCException: Unable to retrieve and setup the flow list for server: local$5a2c751f-bf66-4a79-bcc0-4c842aeb2c5b
    at com.aveksa.afx.server.manager.MMCRequestManagerImpl.getFlowList(MMCRequestManagerImpl.java:191)
    at com.aveksa.afx.server.manager.MMCRequestManagerImpl.getAllConnectorStatus(MMCRequestManagerImpl.java:119)
    at com.aveksa.afx.server.component.PrimaryRequestConstructorComponent.constructRequest(PrimaryRequestConstructorComponent.java:59)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    ...

 
This is a known issue reported in engineering ticket ACM-105693.

The cause of this issue is the same as reported in RSA Knowledge Base Article 000038503 -- AFX Server and Remote Collection Agents fail to start after updating Java to version 1.8u241 (1.8.0_241) / 1.7u251 (1.7.0_251) or later in RSA Identity Governance & Lifecycle. Upgrading to RSA Identity Governance & Lifecycle 7.2.0 P02 enables the AFX Server to start but the connectors remain in a Deployed state which, in effect, makes AFX unusable despite the Running state of the AFX Server.
 
This issue is resolved in RSA Identity Governance & Lifecycle 7.2.0 P03.
 
Revert back to a Java version earlier than Java JDK version 1.8u241 (1.8.0.241).
 
000039222
Article Settings
External
Manual
Diane McCoy
8/12/2020 7:47 PM
Diane McCoy
Article Assignment
 
 
 
Article Properties
Published
Knowledge
000043962
Diane McCoy
Admin9 Integration (AWS)
English
Powered by