000039222 - AFX Connectors remain in a Deployed state and 'java.lang.SecurityException: Algorithm not allowable in FIPS140 mode: MD5' error in RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Aug 12, 2020Last modified by RSA Customer Support Employee on Aug 25, 2020
Version 19Show Document
  • View in full screen mode

Article Content

Article Number000039222
Applies ToRSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.2.0 P02
 
IssueAfter updating Java JDK to version 1.8u241 (1.8.0.241) or later and upgrading RSA Identity Governance & Lifecycle to 7.2.0 P02, the AFX Server goes into a Running state (AFX > Servers) but all the AFX Connectors stay stuck in a Deployed state (AFX > Connectors) and do not progress to a Running state. For example, 
 
User-added image



The $AFX_HOME/mmc-console/logs/mmc-console-app.log file reports the following error:
 

java.lang.SecurityException: Algorithm not allowable in FIPS140 mode: MD5



The $AFX_HOME/esb/logs/esb.AFX-MAIN.log file has the following errors: 
 


2020-05-27 02:16:21.880 [WARN] com.aveksa.afx.server.manager.MMCRequestManagerImpl:186 - Connection request retry attempt #1 of 2
2020-05-27 02:16:21.919 [WARN] com.aveksa.afx.server.manager.MMCRequestManagerImpl:182 - Unable get/setup the flow list from the MMC request
2020-05-27 02:16:21.919 [WARN] com.aveksa.afx.server.manager.MMCRequestManagerImpl:183 - Retrying MMC connection and flow list setup...
2020-05-27 02:16:31.919 [WARN] com.aveksa.afx.server.manager.MMCRequestManagerImpl:186 - Connection request retry attempt #2 of 2
2020-05-27 02:16:31.960 [WARN] com.aveksa.afx.server.manager.MMCRequestManagerImpl:188 - Unable get/setup the flow list from the MMC request
2020-05-27 02:16:31.961 [ERROR] com.aveksa.afx.server.manager.MMCRequestManagerImpl:189 - Flow list setup try count exceeded
2020-05-27 02:16:31.961 [ERROR] com.aveksa.afx.server.manager.MMCRequestManagerImpl:190 - Please verify that the MMC console is running and Host & Port in the URL are correct.
2020-05-27 02:16:31.962 [ERROR] com.aveksa.afx.server.manager.MMCRequestManagerImpl:136 - Unable to get status for all Connectors from MMC
com.aveksa.afx.server.manager.MMCException: Unable to retrieve and setup the flow list for server:
local$5a2c751f-bf66-4a79-bcc0-4c842aeb2c5b
    at com.aveksa.afx.server.manager.MMCRequestManagerImpl.getFlowList(MMCRequestManagerImpl.java:191)
    at com.aveksa.afx.server.manager.MMCRequestManagerImpl.getAllConnectorStatus(MMCRequestManagerImpl.java:119)
    at com.aveksa.afx.server.component.PrimaryRequestConstructorComponent.constructRequest(PrimaryRequestConstructorComponent.java:59)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    ...


 
CauseThis is a known issue reported in engineering ticket ACM-105693.

The cause of this issue is the same as reported in RSA Knowledge Base Article 000038503 -- AFX Server and Remote Collection Agents fail to start after updating Java to version 1.8u241 (1.8.0_241) / 1.7u251 (1.7.0_251) or later in RSA Identity Governance & Lifecycle. Upgrading to RSA Identity Governance & Lifecycle 7.2.0 P02 enables the AFX Server to start but the connectors remain in a Deployed state which, in effect, makes AFX unusable despite the Running state of the AFX Server.
 
ResolutionThis issue is resolved in RSA Identity Governance & Lifecycle 7.2.0 P03.
 
WorkaroundRevert back to a Java version earlier than Java JDK version 1.8u241 (1.8.0.241).
 

Attachments

    Outcomes