|
Home > |
|---|
Lunadiag is a diagnostic tool for SafeNet Luna card products. In general, you may never need to use it, other than to confirm a successful Luna installation. If you experience problems with a Luna product and need to contact Customer Support, you may be asked to perform additional tests with Lunadiag, as part of the troubleshooting process. In that circumstance, the support representative will instruct you. Several menu items are self-explanatory. The more obscure items are of interest only to Technical Support in very specific circumstances.
However, if you are an application developer, you may wish to use Lunadiag during your software-development. You have the option to run Lunadiag from the command line of a console window. From the command line, the syntax for Lunadiag is:
lunadiag [-s=num] [-o=num] [-c=num] <[options]>
Where
-s=num Number of slots to test at once.
(Range: 1.. N; default: 1 where N is the number of slots available to the client)
-o=num Offset into slots to begin testing
(Range: 0.. N-1; default: 0)
-c=num Command to run (Range: 1..16)
for example, lunadiag -s=1 -o=1 -c=11
The spaces are required. The following additional options can be executed, and exit immediately without user prompt.
-CHRYSTOKI Perform the Chrystoki Library configuration test.
-DUALPORT Dump dualport.
-FIPS Test for FIPS setting for one token.
Exit code 1 implies FIPS enabled.
Run lunadiag with no arguments, to get a list of slots that it can see.
C:\Program Files\SafeNet\LunaClient>lunadiag
lunadiag version 8.0 Date: Feb 13 2015 Time: 14:21:44
Detecting Luna devices ...
Detection complete.
Slots available:
Slot #0 - Present - LunaNet Slot
Slot #1 - Present - LunaNet Slot
Slot #2 - Present - LunaNet Slot
Slot #3 - Present - Viper PCI Card
Slot #4 - Not present - Luna UHD Tunnel Slot
Slot #5 - Present - Luna UHD Slot
Slot #6 - Not present - Luna UHD Slot
Slot #7 - Not present - Luna UHD Slot
Enter slot to test:
In the slot list, above, slots 0, 1, and 2 are listed as "LunaNet Slot", and correspond to Luna SA application partitions that are registered with this client/host.
Slot 3, "Viper PCI Card", is a locally contained Luna PCI-E physical slot. While LunaCM shows a separate HSM administrative slot and application partition slot (if HSM firmware is version 6.22.0 or newer), lunadiag shows a single physical slot.
Similarly, Slot 5, "Present - Luna UHD Slot", is a Luna G5 HSM physical slot.
Slot 4 "Not present - Luna UHD Tunnel Slot", is reserved for a USB HSM Device (UHD) like a Luna Backup HSM that could be directly connected to the Luna PCI-E card.
The slots listed as "Not Present - Luna UHD Slot" are placeholders for other possible devices that could be USB-connected, but currently are not.
Lunadiag displays a menu of commands, once you have selected a slot to work on.
C:\Program Files\SafeNet\LunaClient>lunadiag
lunadiag version 8.0 Date: Feb 13 2015 Time: 14:21:44
Detecting Luna devices ...
Detection complete.
Slots available:
Slot #0 - Present - LunaNet Slot
Slot #1 - Present - LunaNet Slot
Slot #2 - Present - LunaNet Slot
Slot #3 - Present - Viper PCI Card
Slot #4 - Not present - Luna UHD Tunnel Slot
Slot #5 - Present - Luna UHD Slot
Slot #6 - Not present - Luna UHD Slot
Slot #7 - Not present - Luna UHD Slot
Enter slot to test:
In order to see the lunadiag menu of commands, first select a slot on which to act:
Enter slot to test: 0
----------------------------------------
lunadiag version 8.0 Date: Feb 13 2015 Time: 14:21:44
Main Menu
1 Select slot to test
2 Driver Test
3 Communication Test
4 Read Firmware Level
5 Read Protocol Level
6 Read Capabilities
7 Read Token Policies
8 Read TSV
9 Read Dualport
10 Read Dualport Command
11 Token Info Test
12 Mechanism Info Test
16 Read Debug/Trace Information
0 Exit
----------------------------------------
Command 9 is a complete dual-port dump of a Luna PCI-E HSM, which includes any debug/trace information at the end. This command does not work for Luna G5 because that HSM is not built around dual-port architecture.
Command 10 attempts to present information from the current command.
Command 16 provides just the debug/trace information for either a Luna G5 or a Luna PCI-E HSM. For Luna PCI-E, this is a much more compact output than is available from command 9. For Luna G5, this is all the information available, since there is no dual-port to expose.
The "missing" commands, 13, 14, and 15 appear only in special circumstances. The example that might have some general relevance is where Microsoft IIS is in use, and settings "AppIdMajor=1" and "AppIdMinor=42" are present in the Crystoki.ini file; this causes menu item 15 to appear. Generally, if a menu number does not appear, you do not need it. If in doubt, contact Technical Support.
If you can run tests
2 Driver Test 3 Communication Test
and
4 Read Firmware Level
successfully (if they do not return error messages) then the installation was successful.
If there is a problem, check the connections to your HSM.
If there is still a problem, remove and re-install the LunaClient software.
If problems persist, contact SafeNet/Gemalto Technical Support.