Contents

Verifying

Summary

Basic verification tests that cover a single-switch installation of Tachyon Server. These tests should be run in series. They start with basic server checks, then testing agents, and finally using the Tachyon Verification pack to do end-to-end tests that confirm all components are working. Depending on the decisions you have made during the design phase of your project you may need additional tests to verify your Tachyon implementation.

Please ensure you complete all verification tests. They not only confirm your system is operational, but they also introduce you to concepts and tasks that you will use later when using Tachyon.


On this page:

To run these tests you need:

  1. Tachyon Server installed
  2. Remote workstation with a supported browser
  3. The name and password for the server installation account 
    1. the AD account must be enabled
    2. the account may already be assigned to other Tachyon roles either directly or via membership of an AD group role.
  4. Two AD User accounts, Test User 1 and 2 
    1. must not be existing Tachyon users because they will be assigned specific roles for the purpose of these tests.
    2. must have email addresses and be able to read emails.
  5. The 1E-TachyonPlatform.zip product pack file containing the Tachyon Verification instructions, if not already installed. In these tests this file is referred to as the Tachyon Verification product pack.
  6. At least one test device on which the Tachyon Agent will be installed
  7. Tachyon Agent installation source files and configuration details required by your Tachyon implementation

Verify Server Installation

To run the following tests you need:

  1. Tachyon Server installed
  2. The name and password for the server installation account, the account must also be enabled
RefTestExpectedRemediation
TCNI01
  • Logon to the Tachyon Server using the server installation account
  • Confirm Programs and Features
  • Confirm Tachyon's Windows services.

Programs and Features displays 1E Tachyon Server with correct 3 part version number.

If an MSP update has been installed, the Installed Updates displays 1E Tachyon Server Update (Qnnnnn).

The following Windows services exist and are running.

  • 1E Tachyon Coordinator
  • 1E Tachyon Switch Host

The Switch Host service has a delayed start.

If any of the Tachyon services is not running, then check the corresponding log(s).

The Switch Host service will stop after several seconds if it is unable to start any Switches.

The ConsumerAPI log is not created until a user (the server installation account) successfully connects to the Explorer portal.

The BackgroundAPI log is not created until an Agent attempts to download an Agent resource. The Tachyon Verification Product Pack can be used to trigger this.

TCNI02
  • Check the Tachyon Server logs.

ComponentLog
1E Tachyon Coordinator service
Tachyon.Instrumentation.log
Tachyon.Coordinator.log

1E Tachyon Switch Host service

Tachyon.Switch.Host.log
Background web application (Background Channel)
Tachyon.BackgroundAPI.log
Consumer web application (Consumer API)
Tachyon.ConsumerAPI.log
Core & CoreInternal web applications
Tachyon.CoreAPI.log
Switch
Tachyon.Switch_A.log
Explorer (Explorer and Admin porta)n/a
AuthenticationTachyon.AuthenticationApi.log

The default location for all Tachyon Server logs is the folder %ALLUSERSPROFILE%\1E\Tachyon\

Please refer to Services and NTFS Security if changing the location of log files.

In this version of Tachyon Server, the installer does not support the LOGPATH property and the logs folder is not configurable during installation.

Each component has a configuration file in the Tachyon Server installation folder structure, which contains log configuration details. Defaults are:

  • Filepath %ALLUSERSPROFILE%\1E\Tachyon\
  • Filename as shown in the table above.
  • Maximum size 10MB (2MB for Switch logs).
  • 2 rollover files numbered 1 to 2 with the rollover number included as n.log (5 rollover files for Switch logs).
  • Date and timestamps are UTC to help troubleshooters synchronise logs on systems in different timezones.

Switch logs have the following names:

  • The first Switch installed will typically have a log filename Tachyon.Switch_A.log
  • Other Switches on the same server will have different letters appended. The letter is derived from the ID in the SwitchConfiguration table, where the letter is modulo 26 of the ID minus 1, for example ID=2 is A and ID=6 is E.
  • The log filename will be unique on a server, but there may be the same named log on a different server.
  • A Switch will continue to use the same log, unless the SwitchConfiguration table is modified so that a different ID is used.
  • If you see a Tachyon.Switch.log without a letter appended, this is a special case where a Switch cannot find its correct configuration, and has fallen back to using the template * row which has ID=1. In which case you will need to troubleshoot how that happened.
  • Rollover logs have numbers appended, for example Tachyon.Switch_A.1.log, up to a default maximum of 5.

Tachyon server components use the log4net RollingFileAppender class. Details can be found in http://logging.apache.org/log4net.

Verify IIS Security of the Tachyon Web site

To run the following tests you need:

  1. Tachyon Server installed
  2. The name and password for the server installation account, the account must also be enabled
  3. Remote workstation with a supported browser
RefTestExpectedRemediation
TCNI03

Successful connection to the Tachyon Explorer portal.

The ability to navigate around the Explorer portal will depend on which Tachyon roles have been assigned to the logged-on account.

The server installation account is able to view the following Administration menu pages:

  • Instruction sets
  • Permissions
  • Registered mobile phones
  • Consumers
  • Admin log
  • License info

Ensure the server installation account is enabled to do this test. It has the necessary rights to access Tachyon as well as NTFS rights on the Tachyon Server.

401 'Unauthorized'

Typically, the website also prompts you to provide an account and password.

This may occur if you are using invalid credentials or an account in a domain that is not trusted by the Tachyon Server.

403 'Access denied'

When you use a browser to connect to the Tachyon Explorer you will see Server Error 403 - Forbidden: 'Access denied'  if your AD account does not have read access to the Tachyon web application folders:

  • Background - Background Channel
  • Consumer - Consumer API
  • Explorer - Tachyon Explorer and Admin portal
  • Registration - Registration service (if installed)

This can happen if Tachyon is installed in a non-default location and the NTFS permissions on the installation folder are not correct. To remedy the issue, you should review and correct NTFS permissions as described in Services and NTFS Security.

404 'File or directory not found'

Is the URL you entered correct, and have the correct spelling?

Is the corresponding web application installed? For example, the Registration Service may not be installed.

Contact system administrator to get access

When you use a browser to connect to the Tachyon Explorer and you see a message Contact system administrator to get access, it means your AD account is not a Tachyon user.

Try using an AD account that you know is a Tachyon user that is assigned to a Tachyon system role or custom role. For example, use the server installation account which is automatically installed as a Tachyon user.

For a new installation, the server installation account must be used to add other Tachyon users before their AD accounts can be used to access the Tachyon Explorer. This process is described in The Permissions page and is used in the following TCNU verification tests.

TCNI04
  • Change the web browser URL from /Explorer to /Consumer

The web browser will respond with the Version number of the Tachyon server (IE will download as a JSON file, other browsers will display a response in XML format).

Confirm the Version number is as expected.

TCNI05
  • Change the web browser URL from /Explorer to /Background
The web browser will respond with 'You have reached Tachyon background API.' (IE will download as a JSON file, other browsers will display a response in XML format).
TCNI06
  • Change the web browser URL from /Explorer to /Registration
The web browser will respond with 'You have reached Tachyon Registration Service.' (IE will download as a JSON file, other browsers will display a response in XML format).
TCNI07
  • Change the web browser URL from /Explorer to /Core

The expected response is 'Server Error 403 - Forbidden: Access is denied'.

For security reasons, access to the these web applications are allowed for local users and services only, and denied to remote devices.

If the response is 'You have reached Tachyon Core API' then there is an issue with IIS configuration. Or, you are using a browser on the actual Tachyon Server, and should do the test on a remote workstation.

Access Allowed

It should not be possible for a remote web browser to have access to the following web applications:

  • /Core
  • /CoreInternal

If access is possible then it is probable that the IIS role feature IP Address and Domain Restrictions is not installed on the Tachyon Server. This version of the Tachyon Server installer does not check for this prerequisite. You must ensure this IIS feature is installed, as described in the troubleshooting IIS Issues page.

TCNI08
  • Change the web browser URL from /Explorer to /CoreInternal
TCNI09
  • Change the web browser URL from /Explorer to /Authentication

When accessed from a server on which the Registration Service is installed the web browser will respond with the Version number of the Tachyon server (IE will download as a JSON file, other browsers will display a response in XML format).

When accessed from any other device the expected response is 'Server Error 403 - Forbidden: Access is denied'.


Access Allowed

In order for the Registration service to access the Authentication service, the Authentication web application requires its IP Address and Domain Restrictions to be configured with the IP address(es) of the Registration server.

Verify User Rights Assignment

To run the following tests you need:

  1. Tachyon Server installed and above TCNI verification tests passed
  2. The name and password for the server installation account, the account must also be enabled
  3. Two AD User accounts, Test User 1 and 2
    1. must not be existing Tachyon users because they will be assigned specific roles for the purpose of these tests.
    2. must have email addresses and be able to read emails.
  4. The Tachyon Platform product pack, if not already installed

1E is oftne asked why the Verification


RefTestExpected ResponseRemediation
TCNU01
  • Locate the Tachyon Verification product pack
  • Start a supported browser on a workstation
  • Connect to the Tachyon Explorer portal as the server installation account
  • Go to the Administration Instruction sets page
  • Add the Tachyon Verification product pack:
    • either by dragging the zip file onto the page's dropzone
    • or using the browse button to select the zip.
  • Create a new Instruction set called Tachyon Verification by clicking the Add new set button
  • Move the verification instructions from the Unassigned instruction set to the Tachyon Verification instruction set
    • Click the down arrow at the end of each instruction entry and select Tachyon Verification from the list

For a new Tachyon installation, the Instruction sets page will not contain any instruction definitions.

After adding the Tachyon Verification product pack, the two instructions contained in the product pack will be displayed on the Product packs page.

After creating the Tachyon Verification instruction set this will appear in the Instruction sets list.

After moving the verification instructions from Unassigned to the Tachyon Verification instruction set, the instruction count for the Tachyon Verification instruction set will go up by 2.

If the server installation account is not able to add instructions from a product pack, then the installation account is not assigned to the Instruction Set Administrators role. You can confirm if this is the case by viewing the rights of the server installation account in the Administration Permissions page. You may have upgraded Tachyon from a previous version where the server installation account was not automatically assigned to this role. Contact 1E for advice on how to fix this.

TCNU02
  • Connect to the Tachyon Explorer portal as the server installation account
  • Go to the Administration Permissions page
  • Go to the Users tab and search for an AD Group
  • Select one of the AD groups and click OK
  • Click on Members to enumerate the AD group members
  • Click Cancel and Yes to confirm

Searching returns lists of user and groups.

Selecting a group and viewing its members shows the Name and Email of each member.

The purpose of this step is to confirm the system is capable of searching Active Directory. You do not need to add the group; you will add users in the next step.

The ability to search and find different types of AD security group depends on the search method selected during installation of the Tachyon Server, as described in Design considerations - Active Directory Security Groups.

 

TCNU03
  • Connect to the Tachyon Explorer portal as the server installation account
  • Go to the Administration Permissions page
  • Go to the Roles tab and add a custom role with the following properties
    • Role name: Tachyon Verification
    • Assign Instruction Sets: Tachyon Verification
    • Permissions: Actioner, Approver, Questioner, Viewer
    • Assign Management Group: All Devices
    • Click on Save.
  • Go to the Users tab and add Test User 1
    • Role: Tachyon Verification
  • Repeat for Test User 2

The following custom role exists:

  • Tachyon Verification

The following users are included in the list of Users.

  • Server installation account - assigned to roles:
      • Instruction Set Administrators
      • Permissions Administrators
      • Consumer Administrators
  • Test User 1 - assigned to roles:
      • Tachyon Verification
  • Test User 2 - assigned to roles:
      • Tachyon Verification
 
TCNU04
  • Connect to the Tachyon Explorer portal as Test User 1
  • Repeat for Test User 2

Each Test User is able to view the following menu pages:

  • Home
  • Instructions
    • History
    • Tasks
    • Scheduled
  • Devices
    • Table
    • Dashboard
  • Notifications

Contact system administrator to get access

When you use a browser to connect to the Tachyon Explorer and you see a message Contact system administrator to get access, it means your AD account is not a Tachyon user.

Try using an AD account that you know is a Tachyon user that is assigned to a Tachyon system role or custom role. For example, use the server installation account which is automatically installed as a Tachyon user.

For a new installation, the server installation account must be used to add other Tachyon users before their AD accounts can be used to access the Tachyon Explorer. This process is described in The Permissions page.

403 'Access denied'

When you use a browser to connect to the Tachyon Explorer you will see Server Error 403 - Forbidden: 'Access denied'  if your AD account does not have read access to the Tachyon web application folders:

  • Background - Background Channel
  • Consumer - Consumer API
  • Explorer - Tachyon Explorer and Admin portal
  • Registration - Registration service (if installed)

This can happen if Tachyon is installed in a non-default location and the NTFS permissions on the installation folder are not correct. To remedy the issue, you should review and correct NTFS permissions as described in Services and NTFS Security.

Verify Agent Installation

To run the following tests you need: 

  1. Tachyon Server installed and above TCNI verification tests passed
  2. Two AD User accounts, Test User 1 and and above TCNU verification tests passed 
  3. At least one test device on which the Tachyon Agent will be installed
  4. Tachyon Agent installation source files and configuration details required by your Tachyon implementation
RefTestExpected ResponseRemediation
TCNA01
  • Install the Tachyon Agent on the test device using the configuration settings required for your implementation
    • DNS Alias of Tachyon Server
    • Port used by the Tachyon Switch
    • Port used by the Tachyon Background Channel
  • Include optional MSP update
  • Confirm Programs and Features

Tachyon Agent installed.

Programs and Features displays 1E Tachyon Agent.

  • correct platform x86 or x64
  • correct 3 part version number

If an MSP update has been installed, the Installed Updates displays 1E Agent Update (Qnnnnn).

The first Agents can be installed manually or using a script.

You should repeat this set of tests when you have deployed a few Agents using your organization's preferred deployment method.

You may need to edit the Agent configuration file after installation, to suit the requirements of your implementation, and restart the Agent service.

TCNA02
  • Confirm Tachyon's Windows services.

The following Windows services exist and are running.

  • 1E Tachyon Agent

If the 1E Tachyon Agent service is not running, then check the Agent log.

TCNA03
  • Check the Tachyon Agent log.

No errors.

 To view LOG file locations for each OS platform, click to expand...

The logpath can be set using an installation property and changed post-installation using a configuration property, as decribed in the Tachyon Agent installer and configuration properties (Logpath).

The following are default logpaths:

Windows:
%ALLUSERSPROFILE%\1E\Tachyon\Tachyon.Agent.log

Mac OSX:
/Library/Logs/Tachyon.Agent.log

Other non-Windows platforms:
/var/log/1E/Tachyon/Tachyon.Agent.log

By default, Windows resolves %ALLUSERSPROFILE% as follows.

For Windows 7 and later - C:\ProgramData\

Prior to Windows 7 - C:\Documents and Settings\All Users\Application Data\

The following are not configurable in this version:

  • Maximum size of 5MB
  • 5 rollover files numbered 1 (newest) to 5 (oldest) with the rollover number included as n.log

Check the Switch setting in the Agent configuration file is using the correct DNS Alias for the Tachyon Server, and correct port for the Switch.

If errors in the Agent log relate to certificates then see Configuration issues.

TCNA04
  • Start a supported browser on a workstation
  • Connect to the Tachyon Explorer portal as Test User 1
  • Go to the Devices page
  • For each Test Device that has had the Tachyon Agent installed, confirm the device is listed in the Devices Table page.
  • Click on each device and view the device properties.

Each Test Device is listed in the Tachyon Devices Table page.

The device details shows information about the device's system, activity, certificate and configuration settings.

If you cannot use the Test User 1 or 2 accounts then use another Tachyon user account. All Tachyon users are able to view the Tachyon Devices Table page.

Check the configuration of the Agent and review the Switch setting in the Agent configuration file.

 To CONF file locations for each platform, click to expand...

The Tachyon Agent is controlled via the Tachyon Agent configuration file, which resides in the installation folder with the Tachyon Agent executable. The name of the configuration file is Tachyon.Agent.conf.

The default installation location used for the different OS supported by the Agent are given in the following table:

OSDefault Install Location
Windows

%ProgramFiles%\1E\Tachyon\Agent

Linux and Solaris/etc/1E/Tachyon/Agent
Mac'/Library/Application Support/1E/Tachyon/Agent'

The configuration file uses ASCII encoding.

A comment line starts with the # symbol.

Verify Agent Server Communications

To run the following tests you need: 

  • Tachyon Server installed and above TCNI verification tests passed
  • At least one test device has Tachyon Agent installed and above TCNA verification tests passed
  • Two AD user accounts configured as Tachyon users and above TCNU verification tests passed

To run the following tests you need to logon to a workstation with a user account that is assigned to at least one of the Tachyon administration roles.

RefTestExpected ResponseRemediation
TCNA01
See TCNA01 above.Each Test Device is listed in the Tachyon Explorer Devices page. 
TCNA05
  • Connect to the Tachyon Explorer portal as Test User 1
  • Go to the Home page
  • Type verification
  • Select Tachyon Platform verification stage 1
  • Click Ask this question

When the Tachyon Platform verification stage 1 question is asked, the Explorer view changes to the Instruction History Responses page.

The Instruction History Responses page lists the software products installed on each Test Device.

Contents are shown for online Devices that have the Tachyon Agent installed and running.

If you view other Explorer pages and want to get back to the Instruction History Responses page, then you should select Instruction History from the navigation menu on the left side, and you should see a list of the instructions that have been run. You may then click on the name of the instruction to view its responses.

The Agent log indicates:

  • Running instruction
  • Searching for installations with publisher="(any)" and product="(any)"
  • Matched nnn installations
  • Successfully processed instruction

You may need to refresh the Instruction History Responses page.

Verification stage 1 tests communication between the Agent and Switch. Any issues will appear in the Agent log.

Check each test device has the Tachyon Agent running and is online.

TCNA06
  • Connect to the Tachyon Explorer portal as Test User 1
  • Go to the Responses page for the Tachyon Platform verification stage 1 question
  • Click on the Actions tab
  • Type verification
  • Select Tachyon Platform verification stage 2
  • Click Perform this action
  • Enter the password for the Test User 1 account
  • If 2FA is enabled, enter the authentication code

If Two-Factor authentication (2FA) is enabled then Explorer will prompt for an authentication code, and Test User 1 should receive an authentication code by email, and on their mobile device if the Tachyon App has been installed and correctly registered.

The Explorer view changes to Instruction pending approval.

Test User 2 should receive an email asking for approval.

This stage of the Verification tests communication between the Tachyon Server and the SMTP relay/gateway.

If 2FA is enabled and Test User 1 does not receive an email with the authentication code, then:

  • check the Authentication log and confirm it is using the correct configuration for the SMTP server

If Test User 2 does not receive an email, then:

  • check the user is assigned to the Tachyon Verification role
  • the Tachyon Verification role has access rights which include Approver
  • check the Workflow log and confirm it is using the correct configuration for the SMTP server
TCNA07
  • Connect to the Tachyon Explorer portal as Test User 2
    • either click on the link in email received in the previous step and wait for a browser to connect you to the Tachyon Explorer portal
    • or connect to the Tachyon Explorer portal as normal and click on the notification icon
  • View the Request for action approval for the Tachyon Platform verification stage 2 action
  • Tick the box I understand approving my request impacts my IT environment
  • Click Approve

When clicking on the link in the request for approval email, a browser should open automatically and take you to the Notifications page.

You can view notifications and approval request at any time by clicking on the notification icon. The icon will show the number of actions pending approval by the logged on user.

When the request is approved by Test User 2:

  • the Tachyon Explorer view changes to Approval has been processed successfully
  • Test User 1 should receive an email saying the action has been approved

If Test User 2 is unable to approve the request, then:

  • check the user is assigned to the Tachyon Verification role
  • the Tachyon Verification role has access rights which include Approver
TCNA08
  • Connect to the Tachyon Explorer portal as either Test User 1 or 2
  • Go to the Instruction History page
  • Click on the Tachyon Platform verification stage 2 instruction to view the response details

Response details show a list of devices and their Agent configuration details. You may need to refresh the Details page.

This stage of the Verification tests the Agent's connection to the Background Channel. Successful execution of the action will cause the following to appear in the Agent log:

  • Duplicate log entries showing a repeat run of the previous question
  • A series of log entries showing a connection to the Background Channel, then the PowerShell script TachyonVerification.ps1 is downloaded and run
  • Successfully processed instruction

You may have to wait up to 5 minutes for the action to complete on each device. This is because the default Agent setting for DefaultStaggerRangeSeconds=300.

Check the BackgroundChannelUrl setting in the Agent configuration file is using the correct URL for the Background Channel on the Tachyon Server.

Repeat test TCNI05 using a browser on the test device.

Verify Extended Features

To run the following tests you need:

  • all the above tests completed
  • to logon to a workstation with a user account that is assigned to at least one of the Tachyon administration roles
RefTestExpected ResponseRemediation
TCNX01
  • To confirm the share is accessible, use Windows Explorer to browse to the share name specified when the Export all feature was configured
  • Connect to the Tachyon Explorer portal and ask a question
  • After at least one device has responded with content, stop the question and keep the responses
  • In the Content or Status tab on the Responses page, click on Export all results
  • Enter the share name and click Save
  • Use Windows Explorer to browse to the share name and observe a TSV file has been created
  • Use Microsoft Excel or Notepad to view the contents of the TSV file

This test verifies BCP has been installed on the Tachyon Server, and an Export share is correctly configured, as described in Tachyon Server post-installation tasks - Configure the Tachyon Server to support the Export all responses feature.

When you stop the question or wait for the question to complete its gather duration, then the Export all results button will be enabled.

TSV is a tab-delimited text file.

If you see a popup error initiating export operation after clicking on the Export All results button, then

  • ensure you specify the hostname or hostname FQDN of the Windows computer where the share has been created; do not use a DNS Alias
  • check the share permissions
  • check the share NTFS security