000011631 - Resolve SDK client not starting SSL when connecting to Authentication Manager

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000011631
Applies To: Authentication Manager SDK 7.1
Red Hat Linux Advanced Server 5
Issue: Resolve SDK client not starting SSL when connecting to Authentication Manager

Exception in thread "main" com.rsa.common.SystemException: Command target (CommandAPIConnection) initialization failure

javax.naming.CommunicationException [Root exception is java.net.ConnectException: t3s://server.lab.test.com:7002: Destination unreachable; nested exception is:
java.io.IOException: Stream closed.; No available router to destination]
at com.rsa.command.ConnectionFactory.getSpringBeanTarget(ConnectionFactory.java:212)
at com.rsa.command.ConnectionFactory.getTarget(ConnectionFactory.java:170)
at com.rsa.command.ConnectionFactory.getConnection(ConnectionFactory.java:246)


A network trace shows a TCP connection only (no SSL). Eventually (more than a minute later, for example) a data send is attempted, but by then Authentication Manager has timed out the connection.
Cause: This can occur due to a lack of required entropy in /dev/random for the SSL cryptographic functions. Using strace will show incomplete read attempts from /dev/random.
Resolution: Ensure adequate usage of the server so that the entropy pool does not become exhausted. However, if that is not possible, the best workaround is to change the implementation of /dev/random to a pseudorandom source (as used in /dev/urandom). You can do this with the following commands:

rm /dev/random
mknod -m 0644 /dev/random c 1 9

Reference: man -S4 random.
Notes: This scenario is most likely to occur when the SDK client runs on a server (no connected keyboard/mouse), because much of the entropy generation is based on activity from these input devices.
Legacy Article ID: a49386
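
A check for the condition described under Cause and Resolution, as an added example that is not part of the original RSA article: it reports whether /dev/random is still the blocking device (character device 1,8) or has been replaced by the urandom device (1,9) as in the workaround, and how much entropy the kernel reports. The function names and the 128-bit threshold are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added diagnostic sketch (not RSA code). Function names are hypothetical.

# Map Linux character device numbers (decimal major, minor) to the source.
classify_random_node() {
    case "$1:$2" in
        1:8) echo "blocking" ;;      # standard /dev/random
        1:9) echo "non-blocking" ;;  # urandom, as created by the workaround
        *)   echo "unknown" ;;
    esac
}

# Print "major minor" in decimal for a device node.
# GNU stat prints device numbers in hex (%t major, %T minor).
node_numbers() {
    hex=$(stat -c '%t %T' "$1" 2>/dev/null) || return 1
    set -- $hex
    echo "$((0x$1)) $((0x$2))"
}

# Judge whether stalled reads are plausible.
# Arguments: node kind, available entropy in bits, threshold (assumed: 128).
assess() {
    kind=$1 avail=$2 min=${3:-128}
    if [ "$kind" = "non-blocking" ]; then
        echo "OK: /dev/random does not block"
    elif [ "$kind" != "blocking" ]; then
        echo "UNKNOWN: unexpected device numbers"
    elif [ "$avail" -lt "$min" ]; then
        echo "RISK: blocking node with only $avail bits available"
    else
        echo "OK: blocking node, $avail bits available"
    fi
}

# Inspect the live system; falls back to 0 bits if /proc is unreadable.
report() {
    nums=$(node_numbers "${1:-/dev/random}") || {
        echo "UNKNOWN: cannot stat ${1:-/dev/random}"; return 0; }
    avail=$(cat /proc/sys/kernel/random/entropy_avail 2>/dev/null || echo 0)
    assess "$(classify_random_node $nums)" "$avail"
}

report
```

Run it before and after applying the workaround to confirm which device /dev/random actually refers to.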