An Appliance Administrator triaging a Hyper-V or VMware virtual appliance that has lost connectivity or is otherwise impaired can use the Support Kiosk even when the virtual appliance is in quarantine. For more information, see
It is recommended that terminal settings be 90 x 45 or larger. Smaller settings may result in a error like: Screen dimension to small.
When using the Windows Kiosk it is not possible to copy and paste. In Hyper-V it is possible to automate typing text from the keyboard, and using full ESX it may be possible to emulate keypresses via the API call PutUsbScanCodes().
- On the web management console, click
Support Kiosk.
- Select any of the following activities:
-
Appliance Information
This is read-only. You can re-run setup to change networking information.
-
Backups
Allows you to download or copy existing backups from quarantined appliances, so long as the appliance is not rebooted.
-
In order to gain access to any previously generated backups, perform the challenge response process.
-
Once the challenge response process is successful, click Authorize Backup Downloads.
-
The Backups page will display the backup as well as any previously authorized backups. You will only have 24 hours after the successful authorization to access the backups. The following options are available once a backup has been generated:
-
Delete Authorization: Click this link to delete the authorization granted by the challenge response process. Once deleted, you will be unable to access the backups page until a new challenge response has been successfully completed.
-
(Download): Click this button to download the backup.
-
(Copy to Share): Click this button to copy the backup to a share. You must provide the UNC path and login credentials.
-
-
- Power Options
You can reboot or shutdown the virtual appliance.- Enter the reason you want to reboot or shutdown the virtual appliance.
- Click Reboot or Shutdown.
-
The Bootstrap Administrator is a built-in account to get the appliance running for the first time. The default credentials (admin/Admin123) should be changed once Safeguard is configured. If you lose the password, you can reset it to the default using the challenge response process below.
- In Full Name or Email, enter your name or email to receive the challenge question.
- Click Get Challenge.
- To get the challenge response, perform one of the following (see the illustration that follows).
- Click Copy Challenge. The challenge is copied to the clipboard. Send that challenge to Safeguard support. Support will send back a challenge response that is good for 48 hours.
-
Screenshot the QR code and send it to Support. Support will send back a challenge response that is good for 48 hours.
IMPORTANT: Do not reboot the machine during the challenge response process.
-
Use a QR code reader on your phone to get the challenge response.
d. After the response is accepted, click Reset Password. Once the operation has completed, the password for the admin account will be defaulted back to Admin123.
- Support Bundle
A support bundle includes system and configuration information sent to One Identity Support to analyze and diagnose issues. You can download a support bundle or save the bundle to a Windows share location which you have already set up. To generate a support bundle:- Select Include Event Logs if you want to include operating system events. Unless requested by support, it is recommended to leave this unchecked because it takes much longer to generate the support bundle.
-
Create the support bundle using one of these methods:
- If you are connected via the browser not the display, you can click Download, navigate to the location for the download, and click OK.
- To copy the bundle to the share:
- Enter the UNC Path, Username, and Password.
- Select Include Event Logs, if appropriate.
- Click Copy To Share. A progress bar displays. The operation is complete when you see The bundle was successfully copied to the share.
- Diagnostic package
Appliance Administrators can execute a trusted, secure appliance diagnostics package to help solve issues with configuration, synchronization, and clustering, as well as other other internal challenges. The appliance diagnostics package is available from the web Support Kiosk, not the Serial Kiosk (Recovery Kiosk). The appliance diagnostics package can be used even when the appliance is in quarantine. To protect against external threats, Safeguard rejects illegitimate appliance diagnostics packages. The manifest file in the appliance diagnostics package lists criteria that may include the minimum Safeguard version, appliance ID, and expiration time-stamp UTC. New product code and database changes are not included in an appliance diagnostics package.
- To load for the first time, click Upload, select the file that has an .sgd extension, then click Open.
- If the upload criteria is not met, the appliance diagnostics package is not uploaded and a message like the following displays: The minimum Safeguard version needed to run this diagnostic package is <version>.
- If the upload is successful, the Diagnostic Package Information displays with a Status of Staged. Select Execute and wait until the Status changes to Completed.
- Once uploaded, you can:
- Select Download Log to save the log file. Audit log entries are available through the Activity Center during and after execution and are part of the appliance history.
- If the Expiration Date has not passed, you can select Execute to execute the appliance diagnostics package again.
- Select Delete to delete the appliance diagnostics package, the associated log file, and stop any appliance diagnostics package that is running. Before uploading a different appliance diagnostics package, you must delete the current one because there can be only one appliance diagnostics package per appliance.
- To load for the first time, click Upload, select the file that has an .sgd extension, then click Open.
-
