TechNote (Archived)

ColdFusion MX: SeedGenerator exception thrown during startup

Issue

When restarting Macromedia ColdFusion MX, the following error may be generated:

 01/26 14:32:37 error internal error: SeedGenerator thread generated an exception. java.lang.InternalError: internal error: SeedGenerator thread generated an exception.  at sun.security.provider.SeedGenerator._getByte(SeedGenerator.java:173)  at sun.security.provider.SeedGenerator.getByte(SeedGenerator.java:159)  at sun.security.provider.SecureRandom.engineGenerateSeed(SecureRandom.java:112)  at sun.security.provider.SecureRandom.engineNextBytes(SecureRandom.java:170)  at java.security.SecureRandom.nextBytes(SecureRandom.java:324)  at java.security.SecureRandom.next(SecureRandom.java:346)  at java.util.Random.nextInt(Random.java:243)  at coldfusion.runtime.ClientScopeServiceImpl.GetEightDigitRandom(Unknown Source)  at coldfusion.runtime.ClientScopeServiceImpl.GetCFTOKEN(Unknown Source)  at coldfusion.tagext.lang.ApplicationTag.getClientIDs(Unknown Source)  at coldfusion.tagext.lang.ApplicationTag.doStartTag(Unknown Source)  at coldfusion.runtime.CfJspPage._emptyTag(Unknown Source)  at cfApplication2ecfm351041136.runPage(/Application.cfm:48)  at coldfusion.runtime.CfJspPage.invoke(Unknown Source)  at coldfusion.tagext.lang.IncludeTag.doStartTag(Unknown Source)  at coldfusion.filter.CfincludeFilter.invoke(Unknown Source)  at coldfusion.filter.CfincludeFilter.include(Unknown Source)  at coldfusion.filter.ApplicationFilter.invoke(Unknown Source)  at coldfusion.filter.PathFilter.invoke(Unknown Source)  at coldfusion.filter.ExceptionFilter.invoke(Unknown Source)  at coldfusion.filter.BrowserDebugFilter.invoke(Unknown Source)  at coldfusion.filter.ClientScopePersistenceFilter.invoke(Unknown Source)  at coldfusion.filter.BrowserFilter.invoke(Unknown Source)  at coldfusion.filter.GlobalsFilter.invoke(Unknown Source)  at coldfusion.filter.DatasourceFilter.invoke(Unknown Source)  at coldfusion.CfmServlet.service(Unknown Source)  at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:91)  at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)  at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:226)  at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:527)  at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:198)  at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:348)  at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:451)  at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:294)  at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)

The cause of this error is I/O blocking by the /dev/random device during seeding of the Java Virtual Machine (JVM) SecureRandom() call. The JVM initiates java.Security.SecureRandom when ColdFusion MX creates the cftoken value for the first cfapplication tag called after a startup/restart. SecureRandom is a cryptographically strong random number generator, and it uses the special /dev/random device as a seeding source. The /dev/random device blocks I/O until there is enough entropy collected for the interface to return the requested number of random bytes.

SecureRandom is part of the J2EE Java Authentication and Authorization Service (JAAS) -- an optional package for the 1.3.x SDK and now integrated into the 1.4.x SDK. The JVM allows for two entropy gathering devices (EGD): /dev/random and /dev/urandom. Normally ColdFusion MX does not need the device but, if it is there, the JVM will try to use it. The java.security master properties file defaults to /dev/random.

Solution

To avoid this issue, make the JVM use the /dev/urandom device. Use one of the following options to do so:

Edit thecf_root/runtime/jre/lib/security/java.security file. Change this entry:

securerandom.source=file:/dev/random

to

securerandom.source=file:/dev/urandom

-or-

Add -Djava.security.egd=file:/dev/urandom to the JVM arguments, by adding it through the ColdFusion Administrator or in the cf_root/runtime/bin/jvm.config file at the end of the java.args entry.

Note: You will need to restart ColdFusion for both of these methods to take effect.