Verify Tachyon Server installation
To run the following tests you need:
- Tachyon Server installed
- The name and password for the server installation account; the account must also be enabled
Ref | Test | Expected | Remediation |
---|---|---|---|
TCNI01 |
| Programs and Features (appwiz.cpl) displays 1E Tachyon Server with correct version number. If an MSP update has been installed, the Installed Updates displays 1E Tachyon Server Update (Qnnnnn). The following Windows services exist and are running.
| If any of the services are not running, then check the corresponding log(s). The Switch Host service will stop after several seconds if it is unable to start any Switches. The ConsumerAPI log is not created until a user (the server installation account) successfully connects to the Tachyon Portal. The BackgroundAPI log is not created until a 1E Client attempts to download content. The 1E Tachyon Platform Product Pack can be used to trigger this. The Coordinator service will stop after several seconds if it is unable to activate the license. |
TCNI02 |
|
Verify IIS security of the Tachyon web site
To run the following tests you need:
- Tachyon Server installed
- The name and password for the server installation account; the account must also be enabled
- Remote workstation with a supported browser. Using a remote workstation is important because you will get different results if using a local browser.
Ref | Test | Expected | Remediation |
---|---|---|---|
TCNI03 |
| Successful connection to the Tachyon Portal showing the following applications:
The ability to open Tachyon applications and navigate around them will depend on which Tachyon roles have been assigned to the logged-on account. For a new installation, the server installation account is only able to open the Settings application and view the following pages:
| Ensure the server installation account is enabled to do this test. It has the necessary rights to access Tachyon as well as NTFS rights on the Tachyon Server. 401 'Unauthorized': Typically, the website also prompts you to provide an account and password. This may occur if you are using invalid credentials or an account in a domain that is not trusted by the Tachyon Server. 403 'Access denied': When you use a browser to open an application in the Tachyon Portal, you will see Server Error 403 - Forbidden: 'Access denied' if the internal account used by the Application Pool does not have read access to the Tachyon web application folders. This can happen if Tachyon is installed in a non-default location and the NTFS permissions on the installation folder are not correct. To remedy the issue, you should review and correct NTFS permissions as described in Services and NTFS Security. 404 'File or directory not found': Is the URL you entered correct and spelled correctly? Is the corresponding web application installed? For example, the Consumer application may not be installed. 'Contact system administrator to get access': When you use a browser to open an application in the Tachyon Portal and you see the message Unauthorized access, it means your AD account is not a Tachyon user. Try using an AD account that you know is a Tachyon user that is assigned to a Tachyon system role or custom role. For example, use the server installation account which is automatically installed as a Tachyon user. For a new installation, the server installation account must be used to add other Tachyon users before their AD accounts can be used to access Tachyon applications. This process is described in the Users page and the Roles page. It is used in the following TCNU verification tests. |
TCNI04 |
| The web browser will respond with the version number of the Tachyon Platform (IE will download as a JSON file, other browsers will display a response in XML format). Confirm the Version number is as expected. | |
TCNI05 |
| The web browser will respond with the version number of the SLA Platform (IE will download as a JSON file, other browsers will display a response in XML format). Confirm the Version number is as expected. | |
TCNI06 |
| The web browser will respond with You have reached Tachyon background API. (IE will download as a JSON file, other browsers will display a response in XML format). | |
TCNI07 |
| The expected response is Server Error 403 - Forbidden: Access is denied. For security reasons, access to these web applications is allowed for local users and services only, and denied to remote devices. If the response is You have reached Tachyon Core API then there is an issue with IIS configuration, or you are using a browser on the actual Tachyon Server and should do the test on a remote workstation. | Access Allowed: It should not be possible for a remote web browser to have access to the Core web application. If access is possible then it is probable that the IIS role feature IP Address and Domain Restrictions is not installed on the Tachyon Server. You must ensure this IIS feature is installed, as described in the troubleshooting IIS Issues page. The Tachyon Setup installer verifies this prerequisite and optionally deploys the feature if it is missing. |
TCNI08 | Deleted test | ||
TCNI09 |
| The web browser will take you to the SLA Inventory web application. | |
TCNI10 |
| In both cases, the web browser will take you to the 1E Catalog website. If you use http while leaving the same server address used for https, the expected response is HTTP Error 404 - Not Found. The 1E Catalog can use both http and https provided that you specify the correct server name for each protocol. For interactive use it is recommended that you use https. Http is provided for internal compatibility with existing consumers. | To access the Admins tab in the CatalogWeb, you must manually add one or more administrator accounts or groups to the website configuration. Please refer to Rebuilding the 1E Catalog: Granting administrative privileges. |
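
The expected responses and remediations in the table above can be applied mechanically to responses recorded during the tests. The following is an added example, not 1E code: it triages recorded responses and treats a TCNI07 result taken on the server itself as inconclusive, because only a remote request shows whether Core is exposed. The `Observation` record and the sample data are constructed for illustration, and the http variation of TCNI10 (where 404 is expected) is not covered.

```python
from dataclasses import dataclass

CORE_BANNER = "You have reached Tachyon Core API"
BACKGROUND_BANNER = "You have reached Tachyon background API"

@dataclass
class Observation:
    ref: str      # test reference from the table, e.g. "TCNI07"
    status: int   # HTTP status code received
    body: str     # response text
    remote: bool  # True if the request came from a remote workstation

def triage(obs):
    """Return (verdict, reason) for one recorded response."""
    if obs.ref == "TCNI07":
        # Core is for local users and services only, so a test run on the
        # server itself proves nothing about remote exposure.
        if not obs.remote:
            return ("INCONCLUSIVE", "repeat the test from a remote workstation")
        if obs.status == 403:
            return ("PASS", "Core denied to the remote device")
        if CORE_BANNER in obs.body:
            return ("FAIL", "Core reachable remotely: check that IP Address "
                            "and Domain Restrictions is installed in IIS")
        return ("FAIL", f"unexpected status {obs.status} from Core")
    # Remaining refs are treated as tests that expect a successful response.
    if obs.status == 401:
        return ("FAIL", "invalid credentials or account in an untrusted domain")
    if obs.status == 403:
        return ("FAIL", "Application Pool account cannot read the web "
                        "application folders: review NTFS permissions")
    if obs.status == 404:
        return ("FAIL", "check the URL and that the web application is installed")
    if obs.ref == "TCNI06" and BACKGROUND_BANNER not in obs.body:
        return ("FAIL", "Background API banner missing from the response")
    if obs.status == 200:
        return ("PASS", "expected response received")
    return ("FAIL", f"unexpected status {obs.status}")

# Constructed sample observations, not captured from a real server.
SAMPLE = [
    Observation("TCNI03", 200, "<html>portal</html>", True),
    Observation("TCNI06", 200, BACKGROUND_BANNER + ".", True),
    Observation("TCNI07", 200, CORE_BANNER, False),
    Observation("TCNI07", 200, CORE_BANNER, True),
    Observation("TCNI07", 403, "Server Error 403 - Forbidden", True),
]

if __name__ == "__main__":
    for obs in SAMPLE:
        print(obs.ref, "remote" if obs.remote else "local", *triage(obs))
```
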
Verify user rights assignment
To run the following tests you need:
- Tachyon Server installed and above TCNI verification tests passed
- The name and password for the server installation account; the account must also be enabled
- Two AD User accounts, Test User 1 and 2, which:
  - must not be existing Tachyon users because they will be assigned specific roles for the purpose of these tests.
  - must have email addresses and be able to read emails.
- The 1E Tachyon Platform Product Pack, if not already installed
1E is often asked why the 1E Tachyon Platform Product Pack is not built into the product. The reason is that uploading a known Product Pack is part of the verification process and ensures the user is able to upload at least one pack and carry out all the other necessary tasks at least once before exploring other aspects of Tachyon.
Ref | Test | Expected Response | Remediation |
---|---|---|---|
TCNU01 |
All the instructions contained in the zip file will initially be added to the default Unassigned instruction set. Instructions in the Unassigned instruction set cannot be used, so you will need to add the instructions to a new instruction set:
| You will upload the 1E Tachyon Platform Product Pack and assign its instructions to a new instruction set called 1E Tachyon Platform. For a new Tachyon installation, the Instruction sets page will not contain any instruction definitions. After uploading the 1E Tachyon Platform Product Pack, the two instructions contained in the Product Pack will be displayed on the Product packs page. After creating the 1E Tachyon Platform instruction set this will appear in the Instruction sets list. After moving the verification instructions from Unassigned to the 1E Tachyon Platform instruction set, the instruction count for the 1E Tachyon Platform instruction set will go up by 2. Unlike some earlier versions of Tachyon, this version does not support the drag+drop method of uploading Product Packs. You can use the Tachyon Product Pack Deployment tool instead. | If the server installation account is not able to add instructions from a Product Pack, then the installation account is not assigned to the Instruction Set Administrators role. You can confirm if this is the case by viewing the rights of the server installation account in the Settings→Permissions→Users page. You may have upgraded Tachyon from a previous version where the server installation account was not automatically assigned to this role. Contact 1E for advice on how to fix this. |
TCNU02 |
| Entering one or more characters and clicking the search icon returns a list of matching user accounts and security groups. Selecting a group and viewing its members shows the Name and Email of each member. | The purpose of this step is to confirm the system is capable of searching Active Directory. You do not need to add the group; you will add users in the next step. The ability to search and find different types of AD security group depends on the search method selected during installation of the Tachyon Server, as described in Design considerations: Active Directory Security Groups. |
TCNU03 |
| The following custom role exists:
The following users are included in the list of Users.
You will also see some system and machine accounts in the list of users. These are used internally for interaction with other Tachyon components and should not concern you at this time. | |
TCNU04 |
| Each Test User is able to view the following menu pages in the Explorer application:
| 'Contact system administrator to get access': When you use a browser to open an application in the Tachyon Portal and you see the message Unauthorized access, it means your AD account is not a Tachyon user. Try using an AD account that you know is a Tachyon user that is assigned to a Tachyon system role or custom role. For example, use the server installation account which is automatically installed as a Tachyon user. For a new installation, the server installation account must be used to add other Tachyon users before their AD accounts can be used to access the Tachyon Explorer. This process is described in the Users page and the Roles page. 403 'Access denied': When you use a browser to open an application in the Tachyon Portal, you will see Server Error 403 - Forbidden: 'Access denied' if the internal account used by the Application Pool does not have read access to the Tachyon web application folders. This can happen if Tachyon is installed in a non-default location and the NTFS permissions on the installation folder are not correct. To remedy the issue, you should review and correct NTFS permissions as described in Services and NTFS Security. |
Verify 1E Client installation
To run the following tests you need:
- Tachyon Server installed and above TCNI verification tests passed
- Two AD User accounts, Test User 1 and 2 and above TCNU verification tests passed
- At least one test device on which the 1E Client will be installed
- 1E Client installation source files and configuration details required by your Tachyon implementation
Ref | Test | Expected Response | Remediation |
---|---|---|---|
TCNA01 |
| 1E Client installed. Programs and Features displays 1E Client.
If an MSP update has been installed, the Installed Updates displays 1E Client Update (Qnnnnn). | The first 1E Clients can be installed manually or using a script. You should repeat this set of tests when you have deployed a few 1E Clients using your organization's preferred deployment method. You may need to edit the 1E Client configuration file after installation, to suit the requirements of your implementation, and restart the 1E Client service. |
TCNA02 |
| The following Windows services exist and are running.
| If the 1E Client service is not running, then check the Client log. |
TCNA03 |
| No errors. | Check the Switch setting in the Client configuration file is using the correct DNS Alias for the Tachyon Server, and correct port for the Switch. If errors in the Client log relate to certificates then see Client issues: Tachyon client certificate issues. |
TCNA04 |
| Each Test Device is listed in the Tachyon Devices Table page. The device details show information about the device's system, activity, certificate and configuration settings. | If you cannot use the Test User 1 or 2 accounts then use another Tachyon user account. All Tachyon users are able to view the Tachyon Devices Table page. Check the configuration of the Tachyon client and review the Switch setting in the 1E Client configuration file. |
Verify Tachyon client-server communications (stage 1 and 2 instructions)
To run the following tests you need:
- Tachyon Server installed and above TCNI verification tests passed
- At least one test device has 1E Client installed and above TCNA verification tests passed
- Two AD user accounts configured as Tachyon users and above TCNU verification tests passed
To run the following tests you need to log on to a workstation with a user account that is assigned to at least one of the Tachyon administration roles. The 1E Tachyon Platform Product Pack section below describes the purpose of each of its verification instructions.
Ref | Test | Expected Response | Remediation |
---|---|---|---|
TCNA01 | See TCNA01 above. | Each Test Device is listed in the Tachyon Explorer Devices page. | |
TCNA05 |
| When the Tachyon Platform verification stage 1 question is asked, the Explorer view changes to the Instruction History Responses page. The Instruction History Responses page lists the software products installed on each Test Device. Contents are shown for online Devices that have the 1E Client installed and running. If you view other Explorer pages and want to get back to the Instruction History Responses page, then you should select Instruction History from the navigation menu on the left side, and you should see a list of the instructions that have been run. You may then click on the name of the instruction to view its responses. The Client log indicates:
| You may need to refresh the Instruction History Responses page. Verification stage 1 tests communication between the 1E Client and Switch. Any issues will appear in the Client log. Check each test device has the 1E Client running and is online. |
TCNA06 |
| If Two-Factor authentication (2FA) is enabled then Explorer will prompt for an authentication code, and Test User 1 should receive an authentication code by email. The Explorer view changes to Instruction pending approval. Test User 2 should receive an email asking for approval. | This stage of the Verification tests communication between the Tachyon Server and the SMTP relay/gateway. If 2FA is enabled and Test User 1 does not receive an email with the authentication code, then:
If Test User 2 does not receive an email, then:
|
TCNA07 |
| When clicking on the link in the request for approval email, a browser should open automatically and take you to the Notifications page. You can view notifications and approval requests at any time by clicking on the notification icon. The icon will show the number of actions pending approval by the logged-on user. When the request is approved by Test User 2:
| If Test User 2 is unable to approve the request, then:
|
TCNA08 |
| Response details show a list of devices and their Client configuration details. You may need to refresh the Details page. This stage of the Verification tests the Client's connection to the Background Channel. Successful execution of the action will cause the following to appear in the Client log:
You may have to wait up to 5 minutes for the action to complete on each device. This is because the default 1E Client setting is DefaultStaggerRangeSeconds=300. | Repeat test TCNI05 using a browser on the test device to confirm the Background Channel has been configured correctly. A common error is an incorrect value for the BackgroundChannelUrl setting in a 1E Client configuration file. If you deployed the 1E Client using a software deployment tool like Microsoft's ConfigMgr then look to see if similar devices have the same issue. Check the 1E Client's configuration file on problem devices to see if the setting has the correct URL for the Background Channel. Check to see if the Background Channel has the scripts used by the Stage 2 instruction. Review the contents of the C:\ProgramData\1E\Tachyon\Content folder on the server hosting your Background Channel. The Content folder should contain a folder named 1E Tachyon Platform-VerificationStage2 which contains a subfolder with a PowerShell file, and another subfolder containing a bash file and a perl file. |
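
The remediation for TCNA03 and TCNA08 comes down to checking three client settings: Switch, BackgroundChannelUrl and DefaultStaggerRangeSeconds. The following is an added example, not 1E code, that checks a copy of a client configuration against the values expected for your implementation and reports the longest wait the stagger setting allows. It assumes the configuration is plain `key=value` text with Switch written as `host:port`; the host names, port and URL in the sample are constructed.

```python
from urllib.parse import urlsplit

def parse_conf(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def _norm(url):
    """Reduce a URL to the parts that must match, filling in the default port."""
    u = urlsplit(url)
    port = u.port or {"https": 443, "http": 80}.get(u.scheme)
    return (u.scheme, (u.hostname or "").lower(), port, u.path.rstrip("/"))

def check_client_conf(text, dns_alias, switch_port, background_url):
    """Return (findings, max_wait_seconds) for one client configuration."""
    conf = parse_conf(text)
    findings = []
    host, _, port = conf.get("Switch", "").rpartition(":")
    if host.lower() != dns_alias.lower():
        findings.append(f"Switch host {host!r} is not the DNS alias {dns_alias!r}")
    if port != str(switch_port):
        findings.append(f"Switch port {port!r} is not {switch_port}")
    actual = conf.get("BackgroundChannelUrl", "")
    if _norm(actual) != _norm(background_url):
        findings.append(
            f"BackgroundChannelUrl {actual!r} does not match {background_url!r}")
    # Stage 2 responses can take up to this many seconds to arrive (default 300).
    max_wait = int(conf.get("DefaultStaggerRangeSeconds", 300))
    return findings, max_wait

# Constructed sample: the Background Channel host name is misspelled.
SAMPLE_CONF = """\
# constructed example, not a real client configuration
Switch=tachyon.example.test:4000
BackgroundChannelUrl=https://tachyn.example.test:443/Background/
DefaultStaggerRangeSeconds=300
"""

if __name__ == "__main__":
    findings, wait = check_client_conf(
        SAMPLE_CONF, "tachyon.example.test", 4000,
        "https://tachyon.example.test/Background/")
    print(findings, wait)
```
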
Verify extended features
To run the following tests you need:
- all the above tests completed
- to log on to a workstation with a user account that is assigned to at least one of the Tachyon administration roles that allows you to run some instructions, which can include a Verification instruction already used above.
Ref | Test | Expected Response | Remediation |
---|---|---|---|
TCNX01 | Export All feature
| This test verifies BCP has been installed on the Tachyon Server, and an Export share is correctly configured, as described in Tachyon Server post-installation tasks: Configure the Tachyon Server to support the Export all responses feature. When you stop the question or wait for the question to complete its gather duration, then the Export all results button will be enabled. TSV is a tab-delimited text file. | If you see a popup error initiating export operation after clicking on the Export All results button, then
|
1E Tachyon Platform Product Pack
Instruction text (ReadablePayload) | Type | Description | Instruction file name | Version |
---|---|---|---|---|
Tachyon Platform verification stage 1 | Question | Stage 1 of the Tachyon Platform verification will return all software installed on each 1E Client endpoint. Verification stage 1 is a simple question-type instruction used to verify:
| 1E-TachyonPlatform-VerificationStage1 | 9 |
Tachyon Platform verification stage 2 (all platforms) | Action | Stage 2 of the Tachyon Platform verification will run a PowerShell script to return a subset of the current configuration of the Tachyon client features of 1E Client. Verification Stage 2 is normally expected to be run as a follow-up action for Verification Stage 1. Verification stage 2 is a simple action-type instruction used to verify:
For details about PowerShell and Bash support please refer to Requirements: Tachyon scripting requirements. The rate at which Responses are returned to the Tachyon system via the Switch is affected by the 1E Client setting DefaultStaggerRangeSeconds. This setting governs a random delay before the instruction downloads the script from the Background Channel. This stagger setting is ignored on Windows OS if Nomad client is enabled - instead only one client per subnet (or site if Nomad SSD is used) will act as master and download the script from the Background Channel, and peer clients will download the script from the master. | 1E-TachyonPlatform-VerificationStage2 | 9 |