000034277 - How to factory reset an RSA Authentication Manager 8.2 hardware appliance without a factory reset button from the Operations Console

Document created by RSA Customer Support Employee on Nov 7, 2016Last modified by RSA Customer Support on Jan 18, 2019
Version 8Show Document
  • View in full screen mode

Article Content

Article Number000034277
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.2
IssueThere can be several reasons why a factory reset of the Authentication Manager server may be required.  For example,
  • Suspicion that the Authentication Manager 8.2 appliance has a corrupt disk drive because it is behaving inconsistently or with errors that indicate hardware problems.
  • Some other requirement to revert back to the base install of Authentication Manager 8.2 or Authentication Manager 8.1, but there is no factory reset option in Authentication Manager 8.2.
TasksSteps to follow include:
  1. Downloading the Authentication Manager 8.x hardware appliance .iso file.
  2. Burning this .iso to DVD.
  3. Booting the appliance to this DVD and install Authentication Manager.
  4. Configuring the initial setup including the fully qualified domain name and IP address of the appliance.
  5. Running Quick Setup on the appliance to configure it as either a primary or a replica.
ResolutionYou will need the .iso for either:
  • The RSA Authentication Manager 8.2 hardware appliance .iso (rsa-am-hardware-appliance- to factory reset back to Authentication Manager 8.2, or
  • The RSA Authentication Manager 8.1 hardware appliance .iso (rsa-am-hardware-appliance- if you are trying to factory reset or roll back to Authentication Manager 8.1.
Refer to the relevant article on how to Remotely Install the Original System Image on an Dell Hardware Appliance or Remotely Install the Original System Image on an Intel Hardware Appliance.  Alternatively, access the Version Upgrades portal on RSA Link and search for the .iso file. For more information on how to obtain the .iso, please see 000034558 - How to download RSA Authentication Manager 8.x full kits and service packs from RSA Link. Once you have downloaded the correct .iso, follow the steps below:

  1. Burn this .iso to a DVD.  Do not simply copy the .iso.
  2. Insert the DVD into the appliance's CD/DVD drive.
  3. Reboot the appliance, using one of these methods:

  • From the Operations Console select Maintenance > Reboot Appliance.
  • Launch an SSH session or connect directly to the appliance.

  1. Login with the rsaadmin operating system account.

Note that during Quick Setup another user name may have been selected. Use that user name to login.

  1. Navigate to /opt/rsa/am/server and run the following command to stop the Authentication Manager services:

./rsaserv stop all

  1. Next, sudo to root, using the operating system account password used in step a, above.                          

sudo su -

  1. Reboot the system:


If you successfully boot the DVD, you should see the following choices displayed:

1.  Boot hard drive 
2.  Install RSA Authentication Manager 
3.  Install RSA Authentication Manager Safe Mode

  1. From the menu, choose 2.  Install RSA Authentication Manager
  2.  On some systems after the Linux Kernel Loads it can take up to 30 minutes to see the following prompt:

"Install complete checking data."

  1.  The following prompts will display.  Complete them as follows:

Keep settings? Y to keep, N to change
Agree to License <space bar> for Yes
FQDN: <enter the fully qualified domain name for the server>
IP: <enter the IP address for this server>
Subnet mask: <enter the value of the netmask>
Gateway: <enter the value of the default IP routing gateway IP>
DNS and alt: <enter relevant DNS servers>
Are these correct: <Y if settings are correct, N to redo them>

  1. Note and copy the setup code which displays on the screen, as you will need this to complete the Quick Setup process.
  2. The final prompt is Do you want to shutdown?

  • Enter Yes if, for example, the appliance is to be shipped somewhere and will be offline. 
  • Enter No if you are completing Quick Setup now.

  1. You should be able to run Quick Setup now using the FQDN entered above in the format of https://<fully_qualified_domain_name_of_server>.


If the RSA DVD does not boot, either:

  • The disk is bad,
  • The SATA optical DVD drive is bad, or
  • The SATA optical DVD drive is not first in the boot sequence (which should be the default for RSA Authentication Manager appliances).

1.  Verify the DVD disk

  1. Try booting the disk into another computer to verify that it is readable.  Cancel when you see the RSA install screen.  If the DVD not bootable, try burning again at a slower rate.
  2. Try booting a known good bootable CD or DVD in the RSA Appliance drive, to see if that boot screen appears.  Cancel when you see any install screen or else you will incur ridicule and shame.

2.  Verify the DVD/CD optical drive on the appliance

  1. Reboot the appliance with a monitor and keyboard physically attached so you can interrupt the boot sequence (typically with either the [F2] or [F11] key) and access the BIOS.
  2. Edit the BIOS boot sequence and move the internal SATA DVD/CD optical drive to the #1 boot sequence device.  If it is already there, the drive may be bad.  If it is not there, reboot and try again.

Bios Boot Sequence

  1. If the internal DVD/CD optical drive is suspected to be bad, you can RMA the appliance.  If you are in a hurry, try connecting a USB external DVD reader, make USB the #1 device in boot sequence in BIOS and try again.

Related Topics

Even though Authentication Manager 8.2 hardware appliances do not have the factory reset option, Authentication Manager 8.1 hardware appliances allowed factory reset, even from the command line. Refer to article 000033943 - How to factory reset an Authentication Manager 8.1 hardware appliance from the command line.  The command is:

/opt/rsa/am/utils/rsautil factory-reset

Some older Authentication Manager appliances that ran Authentication Manager 7.1 cannot be upgraded to Authentication Manager 8.x; for example, the Dell 2950.  For more information, refer to 000013442 - RSA SecurID Appliance 3.0 hardware that can be upgraded to Authentication Manager 8.1.

Dell appliances are shipped with Authentication Manager 8.2 SP1 pre-installed. The Authentication Manager 8.2 .iso image is not compatible with Dell appliances.

Newer model hardware introduced in Authentication Manager 8.2 or later might not be able to be factory reset back to Authentication Manager 8.1 or earlier.