000034277 - How to factory reset an Authentication Manager 8.2 hardware appliance without a factory reset button from the Operations Console

Document created by RSA Customer Support Employee on Nov 7, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000034277
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.2
IssueThere can be several reasons why a factory reset of the Authentication Manager server may be required.  For example,
  • Suspicion that the Authentication Manager 8.2 appliance has a corrupt disk drive because it is behaving inconsistently, with errors that indicate hardware problems.
  • Some other requirement to revert back to the base install of Authentication Manager 8.2 or Authentication Manager 8.1, but there is no factory reset option in Authentication Manager 8.2.
TasksSteps to follow include:
  1. Download the Authentication Manager 8.x hardware appliance .iso file.
  2. Burn this .iso to DVD.
  3. Boot the appliance to this DVD and install Authentication Manager.
  4. Configure initial setup including the fully qualified domain name and IP address of the appliance.
  5. Run Quick Setup on the appliance to configure it as either a primary or a replica.
ResolutionYou will need either the .iso for 
  • The RSA Authentication Manager 8.2 hardware appliance .iso (rsa-am-hardware-appliance-8.2.0.0.0.iso) to factory reset back to Authentication Manager 8.2, or
  • The RSA Authentication Manager 8.1 hardware appliance .iso (rsa-am-hardware-appliance-8.1.0.0.0.iso) if you are trying to factory reset or roll back to Authentication Manager 8.1.
Refer to the article on how to install the original system image on a hardware appliance or click Additional Downloads in the RSA SecurID Suite space on RSA Link and search for the .iso file.
Once you have downloaded the correct .iso, follow the steps below:
  1. Burn this .iso to a DVD (do not simply copy it).
  2. Insert the DVD into the appliance's CD/DVD drive.
  3. Reboot the appliance, using one of these methods:
  • From the Operations Console select Maintenance > Reboot Appliance.
  • Launch an SSH session or connect directly to the appliance.
  1. Login with the rsaadmin operating system account.
  2. Navigate to /opt/rsa/am/server and run the following command to stop the Authentication Manager services:
./rsaserv stop all

  1. Next, sudo to root, using the operating system account password used in step a, above.                                    
sudo su -

  1. Reboot the system:
reboot

  1. If you successfully boot the DVD, you should see the following choices displayed:
1.  Boot hard drive 
2.  Install RSA Authentication Manager 
3.  Install RSA Authentication Manager Safe Mode

  1. From the menu, choose 2.  Install RSA Authentication Manager
  2. About 15 minutes later you will see the following prompt:
"Install complete checking data."

  1.  The following prompts will display.  Complete them as follows:

Keep settings? Y to keep, N to change
Agree to License <space bar> for Yes
FQDN: <enter the fully qualifed domain name for the server>
IP: <enter the IP address for this server>
Subnet mask: <enter the value of the netmask>
Gateway: <enter the value of the default IP routing gateway IP>
DNS and alt: <enter relevant DNS servers>
Are these correct: <Y if settings are correct, N to redo them>


  1. Note and copy the setup code which displays on screen, as you will need this to complete the Quick Setup process.
  2. The final prompt is "Do you want to shutdown?"  Enter Yes if, for example, the appliance is to be shipped somewhere and will be offline and No if you are completing Quick Setup now.
  3. You should be able to run Quick Setup now using the FQDN entered above in the format of https://<fully_qualified_domain_name_of_server>
Notes

Troubleshooting


If the RSA DVD does not boot, either
  • The disk is bad,
  • The SATA optical DVD drive is bad, or
  • The SATA optical DVD drive is not first in the boot sequence (which should be the default for RSA Authentication Manager appliances).

1.  Verify the DVD disk


  1. Try booting the disk into another computer to verify that it is readable.  Cancel when you see the RSA install screen.  If DVD not bootable, try burning again at a slower rate.
  2. Try booting a known good bootable CD or DVD in the RSA Appliance drive, to see if that boot screen appears.  Cancel when you see any install screen or else you will incur ridicule and shame

2.  Verify the DVD/CD optical drive on the appliance


  1. Reboot the appliance with a monitor and keyboard physically attached so you can interrupt the boot sequence (typically with either the [F2] or [F11] key) and access the BIOS.
  2. Edit the BIOS boot sequence and move the internal SATA DVD/CD optical drive to the #1 boot sequence device.  If it is already there, the drive may be bad.  If it is not there, reboot and try again.
Bios Boot Sequence

  1. If the internal DVD/CD optical drive is suspected to be bad, you can RMA the appliance.  If you are in a hurry, try connecting a USB external DVD reader, make USB the #1 device in boot sequence in BIOS and try again.

Related Topics


Even though Authentication Manager 8.2 hardware appliances do not have the factory reset option, Authentication Manager 8.1 hardware appliances allowed factory reset, even from the command line. Refer to article 
000033943 - How to factory reset an Authentication Manager 8.1 hardware appliance from the command line.  The command is:
/opt/rsa/am/utils/rsautil factory-reset

Some older Authentication Manager appliances that ran Authentication Manager 7.1 cannot be upgraded to Authentication Manager 8.x; for example, the Dell 2950.  For more information, refer to 000013442 - RSA SecurID Appliance 3.0 hardware that can be upgraded to Authentication Manager 8.1.

Attachments

    Outcomes