Restore from Backup
This procedure restores deployment data from a backup.
Restoring from a backup enables you to restore data that is accidentally deleted or restore a malfunctioning Authentication Manager primary instance.
Note: You cannot perform any administration or authentication operations during the restore from backup process. Additionally, the restoration process takes longer to complete than the backup process, because the authentication services are stopped and started. The internal database size also affects the time required to complete the restoration process.
Note: Backups taken on one version of Authentication Manager software must be restored into a primary instance using the same version of Authentication Manager software.
Before you begin
Ensure you complete the following before you start the restoration process:
You must have a backup created on your deployment.
You must be an Operations Console administrator.
Procedure
To restore from backup, complete the following steps:
In the Operations Console, click Maintenance > Backup and Restore > Restore from Backup.
Under Backup Location, do one of the following:
Select Local AM Server.
Select Windows Shared Folder.
In the Windows Shared Folder field, enter the path to an existing Windows shared folder, for example, \\primary.company.net\backup_path.
If the shared folder requires a user name, enter the user name in the Folder User Name field, for example, Domain1\User1.
If the shared folder requires a password, enter the password in the Folder Password field, for example, password1.
Select NFS (Network File System) Shared Folder.
In the NFS Shared Folder field, enter the NFS server host name and path to a NFS shared folder, for example, fileserver.company.net:/backup_path.
Under Restore Options, do one of the following:
Select All Data to restore deployment data.
Note: If you select the All Data option, no administration or authentication operations can be performed while the deployment is being restored.
Select Log Data Only to restore just the Administrative Audit, Runtime Audit, and System log data.
Note: Ensure you select this option after you promote a replica instance to transfer the historical log data from the previous primary instance to the new primary instance.
Click Next.
A list of backups is displayed. If you select Log Data Only, the backups created only on the current deployment are displayed.
Select the backup (.RSAbackup) that you want to use, and click Next.
You should use the last good backup created on the current deployment.
On the Restore from Backup page, confirm that you have selected the correct backup, and do one of the following:
To select a different backup, click Back.
To restore with the selected backup, enter the password for this backup, and click Restore. The Progress Monitor page is displayed.
Click Done when the restore process is complete.
Once the restore process is completed, login again into the Operations Console.
After you finish
If you restore an RSA Authentication Manager instance with a backup from another deployment, the restored certificates cannot be activated because they use the hostname from the backup. Either create new certificates, or continue to use certificates that were present on the RSA Authentication Manager instance before the backup was restored. For more information, see Replacing the Console Certificate.
In a replicated deployment, synchronize each replica instance with the restored primary instance. For more information, see Synchronize a Replica Instance.
If you restored the primary instance with a backup that came from a different deployment, then the restore operation automatically deletes each replica instance from the current deployment. A backup that is restored from the current primary instance in the current deployment retains each replica instance.
If the deployment includes a web tier, do the following:
If you restored the AM instance with a backup that came from a different deployment, you must re-enable the virtual host. This procedure is not required for a backup that is restored from the original AM instance in the current deployment. Do the following:
Disable the virtual host. In the Operations Console, click Deployment Configuration > Virtual Host & Load Balancing, clear the check box, and click Save.
Enable the virtual host. For more information, see the chapter Configuring a Virtual Host and Load Balancer in the RSA Authentication Manager Setup and Configuration Guide.
Generate a web-tier deployment package, and run the Web-Tier Installer. For more information, see the chapter Installing Web Tiers in theRSA Authentication Manager Setup and Configuration Guide.
If the deployment includes an embedded identity router, you must download and re-install the identity router. For more information, see Quick Setup - Connect RSA Authentication Manager to Cloud Access Service with an Embedded Identity Router.
The RADIUS server certificate on the RSA Authentication Manager instance does not get replaced with the certificate from the backup file. To update this certificate, see Replace a RADIUS Server Certificate.
Related Articles
Configure Logging Number of Views Accessing the Cloud Administration APIs Number of Views Clean Up Unresolvable Users Manually Number of Views RSA Authentication Agent SDK for C Error Handling Vulnerability Number of Views Manage My Page Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.9 Release Notes (January 2026) How to install the jTDS JDBC driver on WildFly for use with Data Collections in RSA Identity Governance & Lifecycle RSA Authentication Manager 8.8 Setup and Configuration Guide Artifacts to gather in RSA Identity Governance & Lifecycle
