11.0 After you install

Check this section if you encounter issues after you install and begin using Management and Security Server.

For assistance with technical issues:

See Host Access Management and Security Server - Technical Resources
Contact Support

See the workaround for this Known issue: Applications hang on UNIX or Linux.

11.1 Known issue: Applications hang on UNIX or Linux

11.1.1 The Problem

The Management and Security Server installer, server, and configuration utilities may hang on UNIX or Linux systems, particularly headless ones. The hang or stall is caused by an insufficient amount of entropy in the system, typically due to a lack of interaction with the operating system’s UI (or lack of UI).

11.1.2 The Fix: /dev/urandom

In Management and Security Server (12.4.2 and higher), the Entropy Gathering Device (EGD) for UNIX/Linux is explicitly set to /dev/urandom, which is a non-blocking EGD. Although the use of /dev/urandom may be controversial, it was decided that using a non-blocking EGD would provide a more favorable user experience.

11.1.3 Alternative Solutions

If use of /dev/urandom is not acceptable or permitted in your environment, you can configure the applications to use /dev/random, as follows.

For security and responsiveness, consider installing a software package that obtains secure random data from the machine’s hardware. These packages require systems equipped with newer chipsets or cryptographic hardware. Refer to the package documentation for specific requirements. Example packages include:
- rng-tools
- haveged
Explicitly change the EGD by setting a property for each Management and Security Server application, as listed in Table 1.

Table 11-1 Example: changing the EGD to /dev/random

Application	How to set the Entropy Gathering Device (EGD)
Installer	On the installer's command line, prepend -J to the Java System property: mss-12.7.<n>.<nnn>-prod-linuxx64.sh -J-Djava.security.egd=file:///dev/random For each of the applications below, either edit the property’s value or comment-out the property to use the system’s default EGD value of /dev/random.
MSS Server	In container.conf, modify the service wrapper's additional JVM property by incrementing the highest number (X) by one integer: wrapper.java.additional.X=-Djava.security.egd=file:///dev/random
Initial Configuration Utility Configuration Upgrade Utility HTTPS Certificate Utility Keychain Utility MSS Security Proxy	In the *.vmoptions file for each utility and the Security Proxy, add the property or set the value. -Djava.security.egd=file:///dev/random

Application

How to set the Entropy Gathering Device (EGD)

Installer

On the installer's command line, prepend -J to the Java System property:

mss-12.7.<n>.<nnn>-prod-linuxx64.sh -J-Djava.security.egd=file:///dev/random

For each of the applications below, either edit the property’s value or comment-out the property to use the system’s default EGD value of /dev/random.

MSS Server

In container.conf, modify the service wrapper's additional JVM property by incrementing the highest number (X) by one integer:

wrapper.java.additional.X=-Djava.security.egd=file:///dev/random

Initial Configuration Utility

Configuration Upgrade Utility

HTTPS Certificate Utility

Keychain Utility

MSS Security Proxy

In the *.vmoptions file for each utility and the Security Proxy, add the property or set the value.

-Djava.security.egd=file:///dev/random