Performing a factory reset
As an Appliance Administrator, you can use the Factory Reset feature to reset a Safeguard for Privileged Passwords Appliance to recover from major problems or to clear the data and configuration settings on the appliance.
|
|
Caution: Care should be taken when performing a factory reset against an appliance, because this operation removes all data and audit history, returning it to its original state when it first came from the factory. The appliance must go through configuration again as if it had just come from the factory. For more information, see Setting up One Identity Safeguard for Privileged Passwords for the first time. In addition, performing a factory reset may change the default SSL certificate and default SSH host key. |
|
|
IMPORTANT: When performing a factory reset from the recovery kiosk, this is a challenge response operation, where Safeguard for Privileged Passwords generates a challenge that is then sent to One Identity Support to get a response back. You must then copy and paste this challenge response into the kiosk screen in order to proceed. Please keep the following information in mind when performing a challenge response operation:
|
|
|
NOTE: Clustered environment: Performing a factory reset on a clustered appliance will not automatically remove the appliance from a cluster. You will need to unjoin an appliance that has been factory reset from the cluster. The factory reset appliance must be configured again. For more information, see Setting up One Identity Safeguard for Privileged Passwords for the first time. |
A factory reset of an appliance may be initiated from the Appliance Information settings page in the desktop client, from the recovery kiosk or using the API .
To perform a factory reset from the desktop client
- Navigate to Administrative Tools | Settings | Appliance | Factory Reset.
- Click (or tap) Factory Reset.
-
In the Factory Reset confirmation dialog, enter the words Factory Reset and click (or tap) OK.
The appliance will go into Maintenance mode to revert the appliance. Once completed, you will be prompted to restart the desktop client. If the appliance had been in a cluster, you may need to unjoin the factory reset appliance. The factory reset appliance must be configured again. For more information, see Setting up One Identity Safeguard for Privileged Passwords for the first time. In addition, when you log into the appliance, you will be prompted to add your Safeguard for Privileged Passwords licenses.
To perform a factory reset from the recovery kiosk
|
|
NOTE: You must contact One Identity Technical Support to perform a Factory Reset from the recovery kiosk. |
- From the recovery kiosk, select the Factory Reset option.
- Right arrow.
- At id, enter your identification and press the Tab key (or down arrow).
-
At Get Challenge, press the Enter key.
Safeguard for Privileged Passwords produces a challenge.
-
Copy and paste the challenge and send it to One Identity Support.
- When you get the response from One Identity Support, copy and paste the response into the kiosk screen and select Factory Reset.
Unlocking a locked cluster
In order to maintain consistency and stability, only one cluster operation can run at a time. To ensure this, Safeguard for Privileged Passwords locks the cluster while a cluster operation is running, such as enroll, unjoin, failover, patch, reset, and routine maintenance. The Cluster view shows that the cluster is locked and that any changes to the cluster configuration are not allowed until the operation completes. The banner that appears at the top of the screen explains the operation in progress and a red lock icon (
To unlock a locked cluster
- Click (or tap) the
-
In the Unlock Cluster confirmation dialog, enter Unlock Cluster and click (or tap) OK.
This will release the cluster lock that was placed on all of the appliances in the cluster and terminate the operation.
|
|
IMPORTANT: Care should be taken when unlocking a locked cluster. It should only be used when you are sure that one or more appliances in the cluster are offline and will not finish the current operation. If you force the cluster unlock, you may cause instability on an appliance requiring a factory reset and possibly the need to rebuild the cluster. If you are unsure about the operation in progress, do NOT unlock the cluster. Most often, it will eventually time out and unlock on its own. |
Troubleshooting tips
If there is a problem with a Safeguard for Privileged Passwords cluster, follow these guidelines:
- Ensure that the hardware is powered on and online.
- Check for networking problems. For more information, see Diagnosing a cluster member.
- Attempt to reboot the appliance.
- Unjoin and re-enroll replica appliances. For more information, see Unjoining replicas from a cluster and Enrolling replicas into a cluster.
- Restore from a backup and recreate your cluster. For more information, see Using a backup to restore a clustered appliance.
- Perform a factory reset and recreate your cluster. For more information, see Performing a factory reset.
|
|
TIP: Please consider the following before contacting One Identity support for assistance:
|
Appliance states
The following table lists the appliance states and what actions are available when the appliance is in a particular state.
| Appliance state and description | Actions available |
|---|---|
|
EnrollingReplica (Only applies to replica appliances in a cluster.) A transitional state where a replica appliance is being added to a cluster and is not available for access. From this state, the appliance goes into maintenance mode to complete the enroll operation. |
Wait for operation to complete before logging into appliance. |
|
Initializing A transitional state where the appliance is initializing to start, but is not yet available for access. |
Wait for operation to complete before logging into appliance. |
|
Maintenance Appliance is performing maintenance tasks and is not available for access. |
Wait for maintenance tasks to complete before logging into appliance. |
|
LeavingCluster (Only applies to replica appliances in a cluster.) A transitional state where a replica appliance is being unjoined from a cluster and is not available for access. From this state, the appliance goes into maintenance mode to complete the unjoin operation. |
Wait for operation to complete before logging into appliance. |
|
Offline Appliance is not available for access. |
Wait for appliance to come back online before logging in. |
|
Online Appliance is online and available for access and the remaining nodes in the cluster have reached consensus. |
Log into appliance. In this state, access request workflow is available from all clustered appliances that are online and able to communicate. |
|
PatchPending (Only applies to replica appliances in a cluster.) A transitional state where a replica appliance is waiting to be upgraded. The primary appliance patches first, then instructs each replica to enter the PatchPending state. From this state, the appliance goes into maintenance mode to complete the upgrade operation. |
You can log into a replica with a PatchPending state. You can initially perform access request workflow on a replica in PatchPending state; however, during the cluster upgrade, when the majority of the cluster members have upgraded, access request worklfow migrates from the PatchPending side of the cluster to the upgraded side of the cluster. During this time, access request workflow is unavailable on any appliance still in the PatchPending state. |
|
PrimaryNoQuorum (Only applies to the primary appliance in a cluster.) The primary appliance is in a Read-Only mode while attempting to get the lease, but can't because the cluster does not have consensus. The appliance continues to attempt getting the lease and when it does, the appliance state goes back to Online. |
If the appliance is powered on, you can log into an appliance with a PrimaryNoQuorum state; however, it will be in a Read-Only mode. In this state, access request workflow is not available from the primary appliance, but may be available from other appliances in the cluster. For example, if the primary cannot communicate with the rest of the nodes in the cluster, but the rest of the nodes can communicate between themselves (ReplicaWithQuorum state), then access request workflow will be available from these replica appliances even though it is not available from the primary appliance. |
|
Quarantine Appliance is broken or in an unknown state. |
Requires manual intervention to recover. Go to recovery kiosk to recover. For more information, see Recovery kiosk. |
|
ReplicaDisconnected (Applies to replica appliances in a cluster.) A replica appliance is available for access; however, both of the following conditions apply:
|
You can log into a replica with a ReplicaDisconnected state, but access request workflow is disabled. If the replica appliance cannot communicate with the other nodes in the cluster, but the remaining nodes can communicate with each other, then access request workflow will be available from those appliances even though it is not available from the appliance that cannot communicate with them. |
|
ReplicaNoQuorum (Applies to replica appliances in a cluster.) A replica appliance can communicate with the primary appliance; however, the remaining nodes in the cluster do not reach consensus. Once the cluster regains consensus, the replica appliance will go into the Online state. |
You can log into a replica with a ReplicaNoQuorum state, but access request workflow is disabled. In this state, access request workflow is not available from the primary appliance, but may be available from other replicas. For example, in a cluster of five appliances, if the primary and a single replica cannot communicate with the remaining replicas in the cluster, but the other three replicas in the cluster can communicate between themselves (ReplicaWithQuorum state), then access request workflow will be available from the replicas that are online and communicating even though it is not available from the primary and replica that cannot communicate. |
|
ReplicaWithQuorum (Applies to replica appliances in a cluster.) A replica appliance cannot communicate with the primary appliance; however, the remaining nodes in the cluster have reached consensus. |
You can log into a replica with a ReplicaWithQuorum state. In this state, access request workflow is available from any clustered appliance that is online and able to communicate. |
|
TransitioningToPrimary (Only applies to replica appliances in a cluster.) A transitional state where a replica appliance is being promoted to be the new primary and is not available for access. |
Wait for operation to complete before logging into appliance. |
|
TransitioningToReplica (Only applies to the primary appliance in a cluster.) A transitional state where a primary appliance is being demoted to a replica and is not available for access. |
Wait for operation to complete before logging into appliance. |
|
ShuttingDown A transitional state where an appliance is shutting down and is not available for access. |
Wait for appliance to come back online before logging in. |
|
StandaloneReadOnly State used for replicas removed from a cluster (unjoined and restored replicas). Appliance is online and available for access. |
Log into appliance. StandaloneReadOnly indicates the appliance is now a Primary appliance in Read-Only mode. See Activating a read-only appliance for how to activate a Read-Only appliance so you can add, delete and modify data, apply access request workflow, and so on. |
|
Unknown Appliance is broken or in an unknown state. |
Requires manual intervention to recover. Go to recovery kiosk to recover. For more information, see Recovery kiosk. |