Reboot the ExtraHop System and Test Hardware with the Rescue USB Flash Drive

This guide explains how to create and use a Rescue USB flash drive to reinstall and recover the ExtraHop® system. When booting from the Rescue USB flash drive, you can also perform memory and hardware tests to ensure that the ExtraHop appliance functions properly.

Create the Rescue USB Flash Drive

To create the USB flash drive:

  1. Download the Rescue USB flash drive image:

    1. Log in to the Support Portal at www.extrahop.com/support/support-portal/.

    2. Scroll down to the Utilities section, and click the Appliance rescue flash drivedownload link.

  2. When redirected to the Rescue USB .img file, download the .img file to your local drive.

  3. Copy the .img file to a USB flash drive:

    • (Linux or Mac OS) Use the dd command in the terminal:

      dd if=<file location> of=<location of root block device>

    • (Windows) Use a utility such as Win32 Disk Imager.

    Displaying the Select Boot Option Screen

    The Select Boot Option screen has options to boot from the Rescue USB flash drive and to perform memory tests.

    To display the Select Boot Option screen:

    1. If your appliance has a CD drive, make sure that no CD is present.

    2. Insert the Rescue USB flash drive into a USB port on the ExtraHop appliance.

      Ports are located on the front of the appliance.

    3. If restarting within the firmware, do the following:

      1. Log in to the ExtraHop system Command Line Interface (CLI) with the shell user account using either a monitor and USB keyboard plugged into the ExtraHop appliance or the iDRAC interface.

        The default password is the service tag number of the appliance.

      2. Enable the privilege commands. The default password is the setup user password.

        extrahop>enable

        Password:

        extrahop#

      3. At the prompt, restart the system using the restart command, and specify the system parameter as the component that you want to restart:

        restart system

    4. At the prompt, access the Boot Manager by pressing the F11 key.

    5. Click One-shot BIOS Boot Menu under Boot Manager Main Menu.[[CJ comment: Wrong menu item is highlighted. Should get correct shot or delete.]]

    6. Under Select Legacy Boot Option, click the selection for your Rescue USB flash drive.

    Performing Memory Tests

    If an error occurs during the boot process, you may need to reboot the system and perform the memory tests. For example, the system may have already detected and displayed an error message with bad DIMMs and their location during boot, as shown below.

    Memory Initialization Warning: Memory size may be reduced.

    MEMTEST lane failure detected on DIMM A2

    MEMTEST failure - The following DIMM has been disabled by BIOS: DIMM A2

    MEMTEST failure - The following DIMM has been disabled by BIOS: DIMM A5

    Warning: The memory tests run indefinitely. Ensure that the installed amount of memory matches the amount shown in each test. Allow several of the tests to run before stopping the process.

    The following shows a memory test in progress.

    To perform memory tests:

    1. Display the Select Boot Option screen.

    2. Press the down arrow to select Memory Test, and then press Enter.

    Boot from the Rescue USB Flash Drive

    1. Display the Select Boot Option screen.

    2. Select ExtraHop USB, and press Enter.

      OR

      Wait for the system to automatically boot.

      The ExtraHop system boots using the Rescue USB flash drive. If the system fails to boot, the ExtraHop appliance may have a faulty hard drive. Ensure that the drive is seated correctly in the slot, and restart the ExtraHop appliance. If the error persists, contact ExtraHop Support to replace the drive.

    3. If the Problems found in Disk Config screen appears, complete the following steps.

      These steps show default selections. For additional help, contact ExtraHop Support.
      1. On the Problems found in Disk Config screen , select Rebuild config by using the arrow keys, and then press Enter.

      2. On the Configure Packet Capture screen, select Yes and press Enter.

      3. On the Use Defaults for Disk Config screen, select Default and press Enter.

      4. On the Datastore RAID LEVEL screen, select the RAID level for your configuration and press Enter.

    4. On the Change Disk Config screen, select Skip and press Enter.

      If you want to change your disk configuration, select Change and follow the prompts. Contact ExtraHop Support if you need help.

    5. On the Confirm device selection screen, make sure that the firmware device is the USB drive. Select Yes, and press Enter.

    Recovery Tasks

    After rebooting from the Rescue USB flash drive, the ExtraHop system displays the Select Menu Option screen with multiple recovery tasks:

    1 ExtraHop System Recovery: Enables ExtraHop system recovery without a system reset, maintaining the configuration, customizations, and metrics.

    2 ExtraHop System Factory Reset: Resets the ExtraHop system to factory defaults.

    3 Hardware Tests: Verifies that the system hardware is functioning correctly.

    4 Reset Settings Menu: Erases the IP and datastore settings of the appliance.

    5 Repair File System: Runs a system repair on the firmware drive.

    6 Roll Back Firmware: Restores corrupt files for a full or partial rollback.

    7 Migrate RAID0 to RAID10: Enables migration from RAID0 to RAID10.

    8 Shell: Enables the display of diagnostics in the command-line shell.

    9 Reboot: Reboots the system.

    ExtraHop System Recovery

    The system recovery option is used to recover your ExtraHop system in the unlikely event of an upgrade or restart failure. This recovery option replaces the firmware with a known good version while maintaining the system configuration, customizations, and metrics.

    If there is no backed-up firmware, then the Rescue USB flash drive must have the same version or earlier than the current version you are running, and the data drive must be partitioned and ready for writing.

    To recover the ExtraHop system without a full reset:

    1. Select ExtraHop System Recovery on the Select Menu Option screen.

    2. At the prompt that confirms you want to recover the previous firmware installation, select Yes.

    3. If there is no backup directory, the recovery option uses the USB flash drive version to recover the system. At the prompt to continue, select Yes.

      The recovery may take up to 45 minutes to complete.

    4. When the recovery is complete, press Enter and select Yes to restart.

    ExtraHop System Factory Reset

    To reinstall the ExtraHop firmware and remove all previous data, including the ExtraHop license:

    1. Select ExtraHop System Factory Reset on the Select Menu Option screen.

    2. On the Reset Configuration Sub-Menu screen, select Reset System Configuration and select OK.

    3. At the prompt that warns about clearing all previous data, select Yes.

    4. After ExtraHop system installation is complete, at the reboot prompt, choose reboot.

    Configuration after Reset

    The ExtraHop system defaults to a DHCP IP address. If you need a static IP address, log in to the system after the reboot. The default username is shell and the password is the system serial number (case-sensitive). To enter privileged mode, enter the enable command. If prompted, enter the same default password.

    To configure the recovered ExtraHop system:

    1. In privileged mode, use the configure sub-command to enter configuration mode to configure the IP address for the ExtraHop appliance:

      extrahop>enable

      Password:

      extrahop#configure

      extrahop(config)#interface

      extrahop(config-if)#ip ipaddr <addr> <netmask> <gateway> <dns>

      Changing IP address. Please wait...

    .Done

    extrahop(config-if)#exit

    extrahop(config) * #running_config save

    Would you like to write configuration changes to default config [Y/n]?: y

    extrahop(config)#exit

    extrahop#

  4. After the IP address is configured, log in to the Admin UI at https://<extrahop-ip>/admin. On the EULA screen, select I Agree and click Submit.

  5. On the Admin UI Login page, log in as follows:

    • For Username, type setup.

    • For Password,  type the system serial number (case-sensitive).

  6. On the Admin page, under System Settings, click License.

  7. On the License Administration page, go to Manage License and click Register.

  8. Enter the product key provided to you by ExtraHop Networks and click Register.

    The License Update Successful message confirms the installation. (If an error message appears, the license was not installed.)

  9. Click Done.

  10. Go back to the Admin page, and under Access Settings, click Support Account.

  11. Select Enable and click Save.

  12. An encrypted key appears. Copy the entire key, and send it to support@extrahop.com.

  13. Click Done.

  14. Set the system time. The default time server setting is pool.ntp.org. To configure the time servers manually, refer to the System Settings section of the ExtraHop Admin UI Users Guide.

  15. After configuring the time settings, save the running config:

    1. In the upper right corner, click View & Save Changes.

    2. On the Running Config page, click Update.

  16. To configure the connectivity settings, do the following:

    1. On the Admin page, under Network Settings, click Connectivity.

    2. In the Interface Status section, refer to the diagram of the appliance to determine whether a network feed is going into the data port. Ensure that all licensed interfaces are black (live, but not connected) or green (licensed, connected).

Upgrade the Firmware

At this point in the recovery process, you should check for any updates more recent than the Rescue USB flash drive firmware version.

To check for updated firmware versions:

  1. Log in to the ExtraHop Support Portal.

  2. Scroll down to Firmware Downloads.

  3. To install the firmware update, on the Admin page, go to System Settings and click Firmware.

  4. On the Firmware page, click Upload.

  5. Select the incremental firmware version you downloaded and follow the screen prompts. After uploading new firmware, you must restart the system.

After you have the license installed, the support account activated, the time zone set correctly, and the latest firmware installed, your ExtraHop system is configured.

To properly shut down the system:

  • On the command-line interface, enter the shutdown system command.

    OR

  • In the Admin UI, go to the Shutdown/Restart page and select Halt under System.

    If you shut down the ExtraHop system by powering it off, the system will restart in Database Recovery mode.

Hardware Tests

Hardware tests are for use before the ExtraHop appliance ships, during deployment, and after an appliance replacement or upgrade. The Select Hardware Tests to Run menu contains the following tests.

The following is a brief description:

1 Firmware: Verifies that the firmware version is correct. Checks the MD5 sums on both the base firmware and the ExtraHop firmware.

2 Hard Drives: Performs a test of all hard drives in the appliance.

3 RAID Controller: Checks the RAID statistics and gives a summary of errors, if any.

4 Card Slot Placement: Verifies that additional SSL and 10G cards are installed in the correct slots.

5 SSL offload: Turns on the card and performs two decryption tests.

6 NICs (detection): Verifies the two fiber interfaces and four Ethernet interfaces are present on the appliance. The result is N/A. Check the appliance to ensure the number of detected interfaces matches the number of interfaces on the appliance.

7 NICs (send/receive): Sends and receives data to and from the interfaces.

8 Extended Hard Drive Test: Performs a thorough test of the hard drive. This test can take up to 24 hours and checks every sector of every hard drive for errors. Run this test separately and only if there were errors in previous tests.

The following table shows the approximate length of each test.

Test Time
Firmware 5 seconds
Hard Drives 5 to 10 seconds
Raid Controller 5 seconds
Card Slot Placement 5 seconds
SSL Offload 5 seconds
NICs (Detection) 5 to 10 seconds
NICs (Send/Receive) 1 minute
Extended Hard Drive Test Up to 24 hours

To run the hardware tests:

  1. Connect the 10GB interfaces with a single-mode fiber optic cable, and connect interface 1 to interface 2, and interface 3 to interface 4 using Ethernet cables. On the EH9100, also connect interface 5 to interface 6, and interface 7 to interface 8.

  2. Select Hardware Tests on the Select Menu Option screen.

  3. On the Select Hardware Tests to Run screen, select which tests to run and then press Enter.

    By default, the first seven tests are selected as shown by the asterisk before each item. To deselect a test, highlight it and press the spacebar. Each test you choose to run stops at the end of the page to allow you to review the results.

  4. Press Page Up and Page Down on your keyboard to view the test results.

  5. When you finish reading the logs, press any key and then press Q at the prompt.

Troubleshooting the Hardware Tests

Before troubleshooting the ExtraHop appliance, check the LEDs on the appliance to ensure that the drives are functioning properly. A blinking amber LED indicates that the drive is not present or may not be secure inside the slot.

Check the LCD on the front of the appliance (EH8100/9100). On the Net screen, select Errors to view system events such as CPU errors, undetected hard drives, or missing power supplies. When an error occurs, the LCD turns amber and displays the error immediately.

Failed Firmware Test: If the firmware test fails, the firmware or base image file may be corrupted. To repair this, go to the Select Menu Option menu and select option 1, ExtraHop System Recovery. If that fails, select option 2, ExtraHop System Factory Reset. Selecting this option deletes the datastore. If the problem persists, contact ExtraHop Support.

Failed Hard Drive Test: If the hard drive test fails, the drive may not be present or secure inside the slot. Ensure that the drive is seated correctly in the slot, and run the test again. If the error persists, contact ExtraHop Support to replace the drive.

Failed RAID Controller Test: If the RAID controller test fails, the drives may not be present or secure inside the slots. Ensure that the drives are seated correctly in the slots, and run the test again. If the error persists, contact ExtraHop Support to replace the drives.

Failed Card Slot Placement Test: If the card slot placement test fails, the output shows a slot mismatch for the 10G or SSL cards. Designated slots vary by appliance model. To verify the designated slots, refer to your appliance documentation. If you have trouble replacing the cards in the correct slots, contact ExtraHop Support.

Failed SSL Offload Test: If the SSL offload test fails, the SSL card was not initialized properly or may be in the incorrect slot. Ensure that the SSL card is in the correct slot. If you have trouble replacing the cards in the correct slots, contact ExtraHop Support.

N/A NIC Detection Test: The output of the NIC detection test is a list of fiber interfaces (EH6100/8100/9100) and Ethernet interfaces on the ExtraHop appliance. Ensure that the number of detected interfaces matches the number of interfaces on the ExtraHop appliance. If one or more interfaces are not listed, ensure that all network interfaces and cards are present. If they are present and the system does not detect them, contact ExtraHop Support.

Failed NIC Send/Receive Test: If the NIC send/receive test fails, the single-mode fiber optic cables may be improperly connected. Ensure that the cables are properly connected, and restart the ExtraHop system. If the error persists, read the output to determine whether traffic was unsent or not received. If there is no traffic, the NIC may be defective. To replace a defective NIC, contact ExtraHop Support.

Extended Hard Drive Test

The extended hard drive test can take up to 24 hours and checks every sector of every hard drive for errors. For more information, refer to the smartmontools man page (http://smartmontools.sourceforge.net/man/smartctl.8.html).

Run this test separately and only if there were errors in previous tests.

To run the extended hard drive test:

  1. Connect the 10GB interfaces with a single-mode fiber optic cable, and connect interface 1 to interface 2, and interface 3 to interface 4 using Ethernet cables. For EH9100, also connect interface 5 to interface 6, and interface 7 to interface 8.

  2. Select Hardware Tests on the Select Menu Option screen.

  3. On the Select Hardware Tests to Run screen, select option 8, Extended Hard Drive Test.

  4. Select Yes to run the extended hard drive test.

Migrate RAID0 to RAID10

You can configure the EH9100 appliance for RAID10 using four additional hard drives from ExtraHop.

To enable advanced RAID features:

  1. Select Migrate RAID0 to RAID10 on the Select Menu Option screen.

  2. Select Yes to migrate to RAID10.

  3. (Optional) Once you finish the migration process, restart the ExtraHop appliance, and then go to the Admin UI to check the hard drive states and to configure alerts and notifications.

Published 2017-07-18 20:31