masvi10

R12 Administrative UI Login & Linux Entropy

Discussion created by masvi10 Employee on Feb 6, 2013
Latest reply on Sep 13, 2016 by Enrique_L._Torres

Tuesday Tip by Vikas Tiwari, Senior Support Engineer, for 2-5-13


[Note from Vijay Masurkar: This is the first in a few upcoming tips involving Linux Entropy and SiteMinder. What is entropy: By definition, in data transmission and information theory, a measure of the loss of information in a transmitted signal or message. The Linux kernel generates what is called “entropy” from keyborad timings, mouse movements, and IDE timings, and makes the random character data available to other operating system processes through the special files /dev/randomand /dev/urandom. This capability was introduced in Linux version 1.3.30. ]

Example:

We were running R12.5 policy server on RHEL 6. Installed Administrative UI (AdminUI) on the RHEL 6.0 or RHEL 5.x servers also. Our AdminUI was working fine and we were able to login into AdminUI without any problem. However, over a weekend, our server got rebooted which was hosting the AdminUI; we restored the AdminUI services by starting JBOSS services. But, therafter, we were not able to login into AdminUI using SiteMinder superuser credentials. We were getting the below error:

"Error: username and password do not match"

Solution:

We verified that the username and password combination was actually correct. So, next, we wanted to check the entropy set.

Executed the below command.

# cat /proc/sys/kernel/random/entropy_avail

It was giving the value of less then 200. We set this value to 1000. Also the symbolic link for the entropy got removed somehow. We requested our System admin to restore the symbolic link and set the entropy value to higher value.

Then, restarted the JBOSS and we were able to login into AdminUI again. So, if Server gets rebooted, please make sure the symbolic link is available and entropy is higher. Preferably, check with your system administrator for exact values.

Even after restoring the symbolic link, if you are not able to login to the AdminUI, follow the below steps:

* Stop AdminUIservice.
* Go to /adminui-install-folder/server/default/data
* Take backup data folder and delete the data folder
* Run XPSRegclient command
* Start the AdminUI
* Try to login into AdminUI again

Outcomes