java.lang.InternalError: Unexpected CryptoAPI failure generating seed

Hello,

Since we upgraded to version 2019.11 Patch: NNM201911_00005 of NNMi the tool stops polling nodes unexpectedly and goes into a critical status due to reporting the whole topology as stale collections. We raised the logging level to SEVERE and were able to catch the log entry highlighting the cause of the issue:

2022-03-10 07:16:31.216 SEVERE [com.hp.ov.nms.snmp.service.common.StagedSnmpServiceBase] Shutting down SNMP Service. Please restart NNM. Uncaught exception thrown for thread SEDA ThreadPool Thread -0 <RequestProcessor>: java.lang.InternalError: Unexpected CryptoAPI failure generating seed

               at sun.security.provider.NativeSeedGenerator.getSeedBytes(NativeSeedGenerator.java:62)

               at sun.security.provider.SeedGenerator.generateSeed(SeedGenerator.java:144)

               at sun.security.provider.SecureRandom.engineGenerateSeed(SecureRandom.java:139)

               at java.security.SecureRandom.generateSeed(SecureRandom.java:533)

               at org.bouncycastle.crypto.util.BasicEntropySourceProvider$1.getEntropy(Unknown Source)

               at org.bouncycastle.crypto.fips.ContinuousTestingEntropySource.getEntropy(Unknown Source)

               at org.bouncycastle.crypto.fips.HashSP800DRBG.getEntropy(Unknown Source)

               at org.bouncycastle.crypto.fips.HashSP800DRBG.reseed(Unknown Source)

               at org.bouncycastle.crypto.fips.HashSP800DRBG.generate(Unknown Source)

               at org.bouncycastle.crypto.fips.ContinuousTestingPseudoRNG.generate(Unknown Source)

               at org.bouncycastle.crypto.fips.DRBGPseudoRandom.generate(Unknown Source)

               at org.bouncycastle.crypto.fips.FipsSecureRandom$RandomSpi.engineNextBytes(Unknown Source)

               at java.security.SecureRandom.nextBytes(SecureRandom.java:468)

               at org.bouncycastle.jcajce.provider.ProvRandom$1$1.engineNextBytes(Unknown Source)

               at java.security.SecureRandom.nextBytes(SecureRandom.java:468)

               at java.security.SecureRandom.next(SecureRandom.java:491)

               at java.util.Random.nextLong(Random.java:424)

               at com.hp.ov.snmp.v3.AES.makeSalt(AES.java:69)

               at com.hp.ov.snmp.v3.V3Message.encryptScopedPDU(V3Message.java:489)

               at com.hp.ov.snmp.v3.V3Message.writeCompleteMessage(V3Message.java:456)

               at com.hp.ov.snmp.v3.V3Message.write(V3Message.java:389)

               at com.hp.ov.snmp.util.SnmpUtil.writeMessageToByteBuffer(SnmpUtil.java:479)

               at com.hp.ov.snmp.stages.RequestStageEventHandler.handleEvent(RequestStageEventHandler.java:78)

               at com.hp.ov.snmp.stages.SedaStageEventHandler.handleEvents(SedaStageEventHandler.java:43)

               at com.hp.ov.snmp.EventSecurityHandler.handleEvents(EventSecurityHandler.java:34)

               at seda.sandStorm.internal.TPSThreadManager$StageRunnable.run(TPSThreadManager.java:262)

               at java.lang.Thread.run(Thread.java:748)

 

MF support suggested to contact an oracle admin and were not helpful unfortunately, so I am opening a thread here. 

So far I have tried to add -Djava.security.egd=file:/dev/./urandom to %NNMDATADIR%\conf\nnm\java.security in DevEnv and the processes start successfully. What worries me is that there are a couple of java.security files in both install and data dir. Here is a reference: https://stackoverflow.com/questions/58991966/what-java-security-egd-option-is-for

I tried to add securerandom.source=file:/dev/./urandom instead of the above as it was suggested by all threads I checked so far. The NNMi processes do not start after the change. Here is a reference: https://security.stackexchange.com/questions/14386/what-do-i-need-to-configure-to-make-sure-my-software-uses-dev-urandom

If anyone can help me, it would be much appreciated. 

Kind regards, Mladen