WARNING: Setting up a new KSS without performing recovery initializes a completely new key, requiring all existing users to re-onboard and sharing operations to be repeated.
Once the recovery procedure has been completed, end users who were previously onboarded with the KSS will continue to function uninterrupted, and new end users can be onboarded with the existing KSS ID.
Recovery Walkthrough:
If possible, identify the profile ID (4 words with dashes in between) of the KSS server that has failed. It is listed in the settings section of the mobile application.
Retrieve the keyserver.yml policy file from the KSS server that has failed if possible.
Install Atakama on the new server. Do not perform onboarding.
Locate or download the “backup-key.txt” file that was created during the initial KSS installation and copy it into “c:\temp” on the new server.
Copy the keyserver.yml policy file to %localappdata%\Atakama on the new server. If the Atakama folder is missing, you can manually create it.
Load a profile from a device of the target profile by running the following command:
Scan the QR code.
Run the following command to list the devices:
Run the following command to load a profile from the added device:
Note: The Device ID is the 4-word ID from the step above.
To list the profiles run:
Select the needed profile by running:
Run the following command to list the devices from the selected profile:
Input the recovery words (14 words or 24 words) into the new computer using this command:
- Run the following command to shut down Atakama background processes:
Run the following command to ingest the backup key:
A MofNop will be sent to ALL the devices associated with the KSS profile (similar to the finalize MofNop).
Approve the MofNop.
- Run the following command to shut down Atakama background processes:
Run the following command to finalize the recovery process:
Approve the MofNop.
You can now add the Secure Folder(s) and launch Atakama normally.
- Add the License Key after executing the following command:
Run the following command to initialize the KSS:
For Atakama versions prior to Quantum Quetzalcoatl, run the following command:
On a regular Keyserver:
For Atakama versions of Quantum Quetzalcoatl and newer, run the following command:
On a regular Keyserver:
On Cluster Mode:
To load the policy file to the database and update the ruleset
Run the following command to load the policy file to the database and update the ruleset:
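The file-staging steps of the recovery walkthrough (backup-key.txt in c:\temp, keyserver.yml in %localappdata%\Atakama) can be checked before any recovery command is run. The PowerShell below is an added example, not Atakama's own tooling and not one of the commands this page refers to; the parameter names `$SourcePolicy` and `$ProfileId` and the letters-only pattern for profile ID words are assumptions.

```powershell
# Added example: pre-flight check for the file-staging steps of the recovery walkthrough.
# $SourcePolicy and $ProfileId are hypothetical parameter names chosen for this example.
param(
    [string] $SourcePolicy,   # keyserver.yml retrieved from the failed KSS, if available
    [string] $ProfileId       # profile ID of the failed KSS, if it was identified
)

$ErrorActionPreference = 'Stop'
$backupKey    = 'C:\temp\backup-key.txt'
$atakamaDir   = Join-Path $env:LOCALAPPDATA 'Atakama'
$stagedPolicy = Join-Path $atakamaDir 'keyserver.yml'
$problems     = @()

# Assumption: the four words of a profile ID contain letters only.
if ($ProfileId -and $ProfileId -notmatch '^[A-Za-z]+(-[A-Za-z]+){3}$') {
    $problems += "Profile ID '$ProfileId' is not four dash-separated words."
}

# The backup key has to be in place before it can be ingested.
if (-not (Test-Path -LiteralPath $backupKey -PathType Leaf)) {
    $problems += "Missing $backupKey"
} elseif ((Get-Item -LiteralPath $backupKey).Length -eq 0) {
    $problems += "$backupKey is empty"
}

if ($SourcePolicy -and -not (Test-Path -LiteralPath $SourcePolicy -PathType Leaf)) {
    $problems += "Policy file not found: $SourcePolicy"
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw 'Staging is incomplete; fix the items above before continuing.'
}

$staged = @($backupKey)
if ($SourcePolicy) {
    # The walkthrough allows creating the Atakama folder by hand if it is missing.
    if (-not (Test-Path -LiteralPath $atakamaDir -PathType Container)) {
        New-Item -ItemType Directory -Path $atakamaDir | Out-Null
    }
    Copy-Item -LiteralPath $SourcePolicy -Destination $stagedPolicy -Force
    $staged += $stagedPolicy
}

# Print SHA-256 hashes so the staged copies can be compared with the originals.
Get-FileHash -Algorithm SHA256 -LiteralPath $staged | Format-Table Path, Hash -AutoSize
```

Run it as the same user account that will run Atakama on the new server, since %localappdata% resolves per user.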