WebSphere fails to restart with no errors in SystemOut.log but shows KMS failing right before loading Luna libraries
Originally Published: 2012-04-09
Article Number
Applies To
SafeNet Luna HSM
IBM WebSphere 7.0.0.15 with Virtual Enterprise 6.1.1.3
Linux (32-bit)
Issue
The same WebSphere instance was working fine earlier with DPM, and no recent changes were made in the environment
If KMS.war (DPM Server) is undeployed, then WebSphere starts up fine
When WebSphere fails to start up, the last few lines in SystemOut.log (and when there's no key-manager.log) are as follows:
[4/5/12 13:44:20:689 EDT] 00000022 DefaultSecuri I com.rsa.keymanager.core.util.logging.CommonsLogEngine log Client : Internal, Provider 12
[4/5/12 13:44:20:691 EDT] 00000022 DefaultSecuri I com.rsa.keymanager.core.util.logging.CommonsLogEngine log Client : Internal, IBMCMSProvider, Version: 1.2
[4/5/12 13:44:20:693 EDT] 00000022 DefaultSecuri I com.rsa.keymanager.core.util.logging.CommonsLogEngine log Client : Internal, Java 2 Implementation of CMS Key Databases
Whereas a working environment shows more logs even after the above stalled point, for example:
[4/5/12 13:15:08:221 EDT] 0000001c DefaultSecuri I com.rsa.keymanager.core.util.logging.CommonsLogEngine log Client : Internal, Provider 12
[4/5/12 13:15:08:222 EDT] 0000001c DefaultSecuri I com.rsa.keymanager.core.util.logging.CommonsLogEngine log Client : Internal, IBMCMSProvider, Version: 1.2
[4/5/12 13:15:08:223 EDT] 0000001c DefaultSecuri I com.rsa.keymanager.core.util.logging.CommonsLogEngine log Client : Internal, Java 2 Implementation of CMS Key Databases
[4/5/12 13:15:08:224 EDT] 0000001c DefaultSecuri I com.rsa.keymanager.core.util.logging.CommonsLogEngine log Client : Internal, Provider 13
[4/5/12 13:15:08:225 EDT] 0000001c DefaultSecuri I com.rsa.keymanager.core.util.logging.CommonsLogEngine log Client : Internal, LunaJCEProvider, Version: 1.0
[4/5/12 13:15:08:226 EDT] 0000001c DefaultSecuri I com.rsa.keymanager.core.util.logging.CommonsLogEngine log Client : Internal, JCE Service Provider for SafeNet Luna hardware
[4/5/12 13:15:08:227 EDT] 0000001c DefaultSecuri I com.rsa.keymanager.core.util.logging.CommonsLogEngine log Client : Internal, Provider 14
[4/5/12 13:15:08:228 EDT] 0000001c DefaultSecuri I com.rsa.keymanager.core.util.logging.CommonsLogEngine log Client : Internal, LunaJCAProvider, Version: 2.0
[4/5/12 13:15:08:229 EDT] 0000001c DefaultSecuri I com.rsa.keymanager.core.util.logging.CommonsLogEngine log Client : Internal, JCA Service Provider for SafeNet Luna hardware
[4/5/12 13:15:08:230 EDT] 0000001c DefaultSecuri I com.rsa.keymanager.core.util.logging.CommonsLogEngine log Client : Internal, Provider 15
[4/5/12 13:15:08:231 EDT] 0000001c DefaultSecuri I com.rsa.keymanager.core.util.logging.CommonsLogEngine log Client : Internal, JsafeJCE, Version: 4.1
[4/5/12 13:15:08:232 EDT] 0000001c DefaultSecuri I com.rsa.keymanager.core.util.logging.CommonsLogEngine log Client : Internal, Crypto-J 4.1, RSA Security Inc. JsafeJCE Security Provider (implements RSA, DSA, ECDSA, Diffie-Hellman, ECDH, AES, DES, Triple DES, DESX, RC2, RC4, RC5, PBE, MD2, MD5, RIPEMD160, SHA1, SHA224, SHA256, SHA384, SHA512, HMAC-MD5, HMAC-RIPEMD160, HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384, HMAC-SHA512, FIPS186PRNG, ECDRBG, HMACDRBG, SHA1PRNG, MD5PRNG, X.509 CertificateFactory; PKCS12 KeyStore; X.509V1, PKIX, PKIX-SuiteB, PKIX-SuiteBTLS CertPathValidators; X.509V1, PKIX, PKIX-SuiteB, PKIX-SuiteBTLS CertPathBuilders; LDAP, Collection CertStores)
[4/5/12 13:15:08:660 EDT] 0000001c DefaultRandom I com.rsa.keymanager.core.util.logging.CommonsLogEngine log Client : Internal, Initialized secure random, algorithm: ECDRBG128, provider: JsafeJCE
[4/5/12 13:15:09:908 EDT] 0000001c DefaultSafene I com.rsa.keymanager.core.util.logging.CommonsLogEngine log Client : Internal, Safenet login successful.
...
Cause
CkLog2 = {
LibUNIX=/usr/lib/libCryptoki2.so;
Enabled=1;
File=/was_trace/70/cklog.txt;
Error=/was_trace/70/ckerror.txt;
NewFormat=1;
LoggingMask=ALL_FUNC;
}
When cklog.txt file became 2Gb, which is the max size for a file on this OS, the Luna client stopped working. Additionally no error log is being created in this config. There is no max setting defined in the Luna config. Ideally it should just proceed when a file cannot be loaded or written to, seems like a software defect that needs to be fixed by Safenet.
Resolution
Notes
Related Articles
AFX Server on Windows fails to stop/start with a message 'This script requires elevated rights' in RSA Governance & Lifecycle Number of Views RSA Governance & Lifecycle Recipes: Overview - Access Rights Number of Views How to define a custom attribute as a user with group review rights in RSA Identity Governance and Lifecycle Number of Views Are Administrative rights needed when installing RAC and the CCID drivers? Number of Views Z: Need to finish - 'Multiple users' showing in role history instead of person or persons who made changes in RSA Identity… Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide Troubleshooting RSA MFA Agent for Microsoft Windows How to manipulate imported RSA SecurID Software Token(s) on an iPhone or iPad device RSA Authentication Manager 8.9 Release Notes (January 2026)
Don't see what you're looking for?
