Maintenance Menu

Overview

The Maintenance Menu menu allows you to manage and troubleshoot your Virtual Appliance efficiently. This article provides step-by-step instructions for accessing and using the various options available on the Maintenance Menu.

Frame 660.png

Accessing the Maintenance Menu

Ensure you are logged in successfully to view the Maintenance Menu. To access the menu, enter your previously defined username and password. Once logged in, you will have access to the following options:

mceclip0.png

  • Logout - Logs you out of the Maintenance Menu.
  • Reboot - Reboots the Virtual Appliance.
  • System - Provides additional functionalities such as changing the hostname, updating the Admin password, and managing certificates. For more details, see System.
  • Updates - Offers different methods for updating the Virtual Appliance. For more details, see Updates.
  • Network Configuration - Allows you to check and modify network interfaces and routes. For more details, see Network configuration.
  • Troubleshooting - Provides tools and options for diagnosing and resolving issues. For more details, see Troubleshooting.

Using the Maintenance Menu

System

The System submenu presents you with additional functionalities, such as:

Frame 659.png

Change the hostname

This option allows you to change the hostname at the Virtual Appliance level.

Frame 677.png

When you change the hostname of your Virtual Appliance, it is recommended to regenerate the self-signed certificates, provided you are using them instead of a custom certificate. This ensures that the certificates reflect the new hostname.

Best practice: After changing the hostname, regenerate the self-signed certificates and restart the relevant services.

Frame 678.png

Change your password

This option opens a wizard to change the Admin password of the Virtual Appliance.

Frame 679.png

Changing the password affects both the login credentials for the Maintenance Menu and the Login Enterprise web interface, as both use the same account (admin).

Reasons to change the password:

  • To revoke access for employees who are no longer with the company.
  • To comply with security policies that require password changes after a specified period.

Frame 680.png

Regenerate self-signed certificates

This option allows you to regenerate the self-signed certificate in use.

Reasons to regenerate SSL certificates:

  • Configuration changes: If you change the appliance's hostname, IP address, or other network settings, the existing certificate may become invalid. Regenerating self-signed certificates ensures they align with the updated configuration and maintain secure connections.
  • Compliance: Certain security policies or audits may require the periodic regeneration of certificates to ensure that communication channels remain secure and up to date.

Apply new certificate

This option allows you to add a custom PFX certificate to the Virtual Appliance. For more information, see Installing a new certificate.

Import root CA certificate

Use this option to import a Root Certificate Authority (CA) certificate when applying custom certificates. This is essential for establishing trust between your custom PFX certificate and the system. For more information, see Importing a root CA certificate.

Change allowed URLs

This option allows you to add or modify URLs that the Virtual Appliance listens to. For more information, see Managing and adding Virtual Appliance URLs.

Perform DB maintenance

This option optimizes your database by rebuilding indexes and updating statistics, which improves query performance and reduces fragmentation. This process automatically adapts to the type of database in use—whether it’s the internal PostgreSQL database or an external Microsoft SQL database, depending on your setup.

Important: Login Enterprise services will be temporarily stopped during maintenance. It’s important to schedule this process accordingly. Always back up your database or Virtual Appliance before proceeding to prevent potential data loss.

Frame 681.png

Updates

The Updates submenu provides different methods for updating the Virtual Appliance:

Frame 661.png

Update from the internet

This option initiates an update over the internet, bringing the Virtual Appliance to the latest available version. For more information, see the Online update of Login Enterprise.

Update from ISO

This option initiates an update from an attached ISO applied to the VM. For more information, see the Offline update of Login Enterprise.

System update from the internet

This option initiates Debian system updates over the internet, the System update of the Login Enterprise operating environment.

mceclip2.png

Network сonfiguration

The Network configuration submenu provides options for checking network interfaces and routes, as well as changing network modes.

Frame 662.png

Show network interfaces

This option allows you to verify specific details, such as:

  • Interface status (UP/DOWN) - Ensure the network interface is active. If it’s down, the device will not communicate.
  • IP address - Verify the correct IP assignment. An incorrect or missing IP can cause connectivity issues.
  • Subnet mask and gateway - Check for proper network routing. Mismatched settings can prevent access to other devices or networks.
  • MAC address - Confirm the correct hardware identifier for security or access control.
  • Link speed/duplex: Ensure the network operates at expected speeds and in full-duplex mode to avoid performance issues.
  • Errors/packet loss - Look for network errors or dropped packets, which may indicate hardware or configuration issues.
  • Active interface - Verify that the correct interface. e.g. wired or wireless is being used.

Frame 663.png

Show routes

This option allows you to review networking details, such as the following:

  • Routing table: Confirm active network routes to ensure traffic is routed correctly to both internal and external networks.
  • Default gateway: Validate the correct default gateway for routing outbound traffic.
  • Subnet routes: Ensure specific routes to critical subnets or VPNs are configured and functioning properly.
  • Troubleshooting: Diagnose network connectivity issues by verifying that routes to particular destinations exist and identifying any incorrect routes.
  • Interface assignment: Verify which network interfaces are managing specific routes to ensure proper traffic management.

These checks help maintain network efficiency and facilitate troubleshooting.

Frame 664.png

Configure proxy

This option allows you to manage proxy settings for your network configuration.

  • Set proxy: Configure the proxy settings to direct network traffic through a specified proxy server.
  • Clear proxy: Remove any existing proxy settings to revert to a direct connection.

Managing these settings can help optimize network performance and enhance security.

Frame 665.png

Use DHCP

Select this option to automatically obtain an IP address and network settings from a DHCP server. This simplifies network configuration and allows for dynamic address allocation. For more information, see Configuring the Virtual Appliance for the first time.

Set static IP

Select this option to manually configure a fixed IP address for the Virtual Appliance. This is useful for ensuring consistent network identification, especially for servers or devices that require a stable connection. For more information, see Changing the Virtual Appliance IP address.

Frame 666.png

Troubleshooting

The Troubleshooting submenu provides options to help diagnose and resolve issues. The options are as follows:

dc4c1816-5f86-424f-bd76-e7ba4ac9fc8a.png

Ignore certificate errors

This option allows you to configure certificate validation settings for apt and curl. By adjusting these settings, you can choose to ignore certificate errors, which may be useful in certain troubleshooting scenarios or when working with self-signed certificates.

  • APT config menu:
    • Acquire::https::Verify-Peer and Verify-Host are set to "true" by default, meaning apt validates certificates when downloading packages over HTTPS.
    • Disable certificate validation turns both settings to "false," allowing downloads without SSL checks. Useful for trusted internal repos or testing environments.

Frame 668.png

Frame 669.png

  • cURL config menu:
    • Validate certificates is the default for curl, ensuring SSL validation for HTTPS requests.
    • Disable certificate validation allows curl to skip SSL checks, equivalent to using --insecure. This can be used in testing or for trusted servers.

Frame 670.png

Important: Both options reduce security and should be used cautiously in production environments, as ignoring certificate errors can expose your system to potential risks.

Start enable SSH server

Select this option to start the SSH service, allowing remote SSH access to the appliance. Highlight this option and press Enter on your keyboard to run it.

Stop and disable SSH server

Select this option to stop the SSH service and disable remote access, preventing further SSH connections. Highlight this option and press Enter on your keyboard to execute it.

Use the appropriate option based on your security needs. Enabling SSH allows remote access for management while disabling SSH enhances security by blocking such access.

Ping

The Ping option allows you to test network connectivity by sending ICMP echo requests to a specified address or hostname. When selected, a field will appear where you can enter the desired IP address or hostname to check if the destination is reachable.

This tool helps you quickly verify network status and diagnose connection issues.

Frame 671.png

Frame 672.png

Show netstat

The Show Netstat option provides an overview of networking details without requiring any configuration. This section is designed for users who know what they’re looking for in terms of network diagnostics.

  • View network connections: Quickly see active network connections and their status.
  • Interface statistics: Check statistics for each network interface to monitor performance.
  • Routing information: Access routing details to understand how traffic is managed.
  • Troubleshooting: Identify potential issues and unauthorized connections, helping to resolve connectivity problems efficiently.

This option allows for easy monitoring of network performance without the need to manually enter netstat commands.

Frame 673.png

Show LoginVSI service status

This option displays the Docker containerized microservices hosted by the Virtual Appliance. This section functions similarly to viewing the "Login Enterprise Services" page in the Login Enterprise user interface.

  • View microservices: See a list of all active microservices running in Docker containers.
  • Service status: Check the current status of each microservice.

This option is for viewing purposes only; no configuration changes can be made here.

Frame 674.png

Restart LoginVSI services

The Restart Services option allows you to restart services running on the Virtual Appliance.

Reasons to restart services:

  • Recover from service crashes: Restore functionality after a service failure.
  • Apply configuration changes: Implement changes made to service settings.
  • Troubleshoot system issues: Address problems by refreshing services.
  • Improve performance: Enhance overall performance by restarting services.

This option provides a quick way to restore functionality with minimal downtime.

Frame 676.png

Open bash shell

The Open Bash Shell option provides access to a command prompt, allowing you to type commands directly. This interface is minimal and is primarily intended for users who know in advance what tasks they want to perform.

  • Direct command-line access: Gain access for advanced troubleshooting, manual configurations, service management, or running scripts.
  • Flexibility: Execute Linux commands as needed.

It may not be common for a Virtual Appliance administrator to perform tasks in this shell, so familiarity with command-line operations is required.

Frame 675.png

To exit the shell, type exit and press the Enter key.