Sterling B2Bi node goes down abruptly due to com.ibm.crypto.fips.provider.FIPSRuntimeException
Problem
IBM Sterling B2Bi node goes down or dashboard throws HTTP ERROR 500 com.ibm.crypto.fips.provider.FIPSRuntimeException
Symptom
Error
Dashboard:
HTTP ERROR 500 com.ibm.crypto.fips.provider.FIPSRuntimeException
URI: /dashboard/
STATUS: 500
MESSAGE: com.ibm.crypto.fips.provider.FIPSRuntimeException
SERVLET: default
CAUSED BY: com.ibm.crypto.fips.provider.FIPSRuntimeException
Caused by:
com.ibm.crypto.fips.provider.FIPSRuntimeException
at com.ibm.crypto.fips.provider.HASHDRBG.engineNextBytes(Unknown Source)
at com.ibm.crypto.fips.provider.SHA2DRBG.engineNextBytes(Unknown Source)
at java.security.SecureRandom.nextBytes(SecureRandom.java:471)
at java.security.SecureRandom.next(SecureRandom.java:494)
at java.util.Random.nextInt(Random.java:340)
Security.log
ERROR LM.refresh run caught Exception
ERROR [1634112649079] null
ERRORDTL [1634112649079]com.ibm.crypto.fips.provider.FIPSRuntimeException
at com.ibm.crypto.fips.provider.X509Factory.engineGenerateCertificate(Unknown Source)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:407)
at com.sterlingcommerce.security.lc.LicenseSig.verify(LicenseSig.java:596)
at com.sterlingcommerce.security.lc.FeatureSet.load(FeatureSet.java:455)
at com.sterlingcommerce.security.lc.LM.loadMapFromFile(LM.java:2500)
at com.sterlingcommerce.security.lc.LM.loadMap(LM.java:2559)
at com.sterlingcommerce.security.lc.LM.refresh(LM.java:3188)
at com.sterlingcommerce.security.lc.LMThread.run(LMThread.java:210)
at java.lang.Thread.run(Thread.java:818)
Wf.log
ERROR [1658996685245] null
ERRORDTL [1658996685245]com.ibm.crypto.fips.provider.FIPSRuntimeException
at com.ibm.crypto.fips.provider.HASHDRBG.engineNextBytes(Unknown Source)
at com.ibm.crypto.fips.provider.SHA2DRBG.engineNextBytes(Unknown Source)
System.log and noapp.log
ALL 000000000000 GLOBAL_SCOPE com.ibm.crypto.fips.provider.FIPSRuntimeException
Cause
The FIPSRuntimeException may be a case where the IBMJCEFIPS provider causes issues in non-FIPS mode. IBMJCEFIPS is a security provider library that is part of the JDK. By default, B2Bi runs in non-FIPS mode. The issue happens when the application receives many concurrent calls (high volume) and the application's Java runtime ends up in a race condition between concurrent JDK calls.
This can happen randomly and is quite unpredictable. When it happens, it can leave the JVM in an inconsistent state, which causes the node to freeze.
Resolving The Problem
To resolve the issue, follow the steps below:
- Stop the B2Bi node using ./hardstop.sh from the <B2Bi_install>/bin folder.
- Back up the current java.security file found under <B2Bi_Install>/jdk/jre/lib/security
- Edit the java.security file, make the changes below, and save the file.
  Move com.ibm.crypto.fips.provider.IBMJCEFIPS down, e.g.,
  From
  security.provider.2=com.ibm.crypto.fips.provider.IBMJCEFIPS
  security.provider.3=com.ibm.crypto.provider.IBMJCE
  To
  security.provider.2=com.ibm.crypto.provider.IBMJCE
  security.provider.3=com.ibm.crypto.fips.provider.IBMJCEFIPS
- Start the B2Bi node using ./run.sh from the <B2Bi_install>/bin folder.
Perform these changes on all nodes if you are running B2Bi in a cluster environment.
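The backup and edit steps above can be scripted so that every cluster node gets the same change. The following is an added example, not IBM-supplied code: it reads the provider order, backs the file up, and swaps the two entries only when IBMJCEFIPS is listed ahead of IBMJCE. The function names, the .bak backup name, and the sample file contents are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not IBM-supplied): check and correct the relative order of
# the IBMJCEFIPS and IBMJCE entries in a java.security file.
FIPS=com.ibm.crypto.fips.provider.IBMJCEFIPS
JCE=com.ibm.crypto.provider.IBMJCE

# Print N from the active "security.provider.N=<class>" line; nothing if absent.
provider_index() {  # $1 = file, $2 = provider class
  awk -F= -v cls="$2" '
    { key = $1; val = $2; gsub(/[ \t]/, "", key); gsub(/[ \t\r]/, "", val) }
    key ~ /^security\.provider\.[0-9]+$/ && val == cls {
      sub(/^security\.provider\./, "", key); print key; exit
    }' "$1"
}

# Exit 0 and do nothing if IBMJCE already precedes IBMJCEFIPS; otherwise back
# up the file to <file>.bak and swap the two entries. Exit 2 if one is missing.
move_fips_down() {  # $1 = path to java.security
  fips_n=$(provider_index "$1" "$FIPS"); jce_n=$(provider_index "$1" "$JCE")
  if [ -z "$fips_n" ] || [ -z "$jce_n" ]; then
    echo "IBMJCEFIPS and IBMJCE must both be listed in $1" >&2; return 2
  fi
  [ "$fips_n" -lt "$jce_n" ] || return 0
  cp -p "$1" "$1.bak" || return 1
  awk -F= -v a="security.provider.$fips_n" -v b="security.provider.$jce_n" \
      -v fips="$FIPS" -v jce="$JCE" '
    { key = $1; gsub(/[ \t]/, "", key) }
    key == a { print a "=" jce; next }
    key == b { print b "=" fips; next }
    { print }' "$1.bak" > "$1"
}

# Constructed sample resembling the provider list before the change.
write_sample() {  # $1 = output path
  cat > "$1" <<'EOF'
# constructed sample, not a real java.security file
security.provider.1=com.ibm.jsse2.IBMJSSEProvider2
security.provider.2=com.ibm.crypto.fips.provider.IBMJCEFIPS
security.provider.3=com.ibm.crypto.provider.IBMJCE
#security.provider.4=com.example.Disabled
EOF
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir/java.security"
move_fips_down "$demo_dir/java.security"
grep '^security\.provider\.' "$demo_dir/java.security"
rm -rf "$demo_dir"
```

To use it on a node, call move_fips_down with <B2Bi_Install>/jdk/jre/lib/security/java.security while the node is stopped; a second run leaves the file unchanged.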