Home >

Utilities Reference Guide > Lunadiag

  
Lunadiag

Lunadiag is a diagnostic tool for SafeNet card products. In general, you may never need to use it, other than to confirm a successful SafeNet installation. If you experience problems with a SafeNet product and need to contact Customer Support, you may be asked to perform additional tests with Lunadiag, as part of the troubleshooting process. In that circumstance, the support representative will instruct you. Several menu items are self-explanatory. The more obscure items are of interest only to Technical Support in very specific circumstances.

However, if you are an application developer, you may wish to use Lunadiag during your software-development. You have the option to run Lunadiag from the command line of a console window. From the command line, the syntax for Lunadiag is:

  lunadiag  [-s=num]  [-o=num]  [-c=num] <[options]>

Where

-s=num     Number of slots to test at once.  

                (Range: 1.. N; default: 1 where N is the number of slots available to the client)

-o=num     Offset into slots to begin testing

                (Range: 0.. N-1; default: 0)

-c=num     Command to run (Range: 1..16)

for example, lunadiag -s=1 -o=1 -c=11

The spaces are required. The following additional options can be executed, and exit immediately without user prompt.

-CHRYSTOKI   Perform the Chrystoki Library configuration test.

-DUALPORT     Dump dualport.

-FIPS             Test for FIPS setting for one token.  

                       Exit code 1 implies FIPS enabled.

Using Lunadiag  

Run lunadiag with no arguments, to get a list of slots that it can see.

C:\Program Files\SafeNet\LunaClient>lunadiag
lunadiag  version 8.0  Date: Feb 13 2015 Time: 14:21:44
Detecting Luna devices ...
Detection complete.

Slots available:
        Slot #0 - Present     - LunaNet Slot
        Slot #1 - Present     - LunaNet Slot
        Slot #2 - Present     - LunaNet Slot
        Slot #3 - Present     - Viper PCI Card
        Slot #4 - Not present - Luna UHD Tunnel Slot
        Slot #5 - Present     - Luna UHD Slot
        Slot #6 - Not present - Luna UHD Slot
        Slot #7 - Not present - Luna UHD Slot
Enter slot to test:

 

In the slot list, above, slots 0, 1, and 2 are listed as "LunaNet Slot", and correspond to SafeNet Network HSM application partitions that are registered with this client/host.

Slot 3, "Viper PCI Card", is a locally contained SafeNet PCIe HSM physical slot. While LunaCM shows a separate HSM administrative slot and application partition slot (if HSM firmware is version 6.22.0 or newer), lunadiag shows a single physical slot.

Similarly, Slot 5, "Present - Luna UHD Slot", is a SafeNet USB HSM physical slot.

Slot 4 "Not present - Luna UHD Tunnel Slot", is reserved for a USB HSM Device (UHD) like a SafeNet Backup HSM that could be directly connected to the SafeNet PCIe HSM card.

The slots listed as "Not Present - Luna UHD Slot" are placeholders for other possible devices that could be USB-connected, but currently are not.

Lunadiag displays a menu of commands, once you have selected a slot to work on.

C:\Program Files\SafeNet\LunaClient>lunadiag
lunadiag  version 8.0  Date: Feb 13 2015 Time: 14:21:44
Detecting Luna devices ...
Detection complete.

Slots available:
        Slot #0 - Present     - LunaNet Slot
        Slot #1 - Present     - LunaNet Slot
        Slot #2 - Present     - LunaNet Slot
        Slot #3 - Present     - Viper PCI Card
        Slot #4 - Not present - Luna UHD Tunnel Slot
        Slot #5 - Present     - Luna UHD Slot
        Slot #6 - Not present - Luna UHD Slot
        Slot #7 - Not present - Luna UHD Slot
Enter slot to test:

 

In order to see the lunadiag menu of commands, first select a slot on which to act:

Enter slot to test: 0

----------------------------------------
lunadiag  version 8.0  Date: Feb 13 2015 Time: 14:21:44

                Main Menu

           1   Select slot to test
           2   Driver Test
           3   Communication Test
           4   Read Firmware Level
           5   Read Protocol Level
           6   Read Capabilities
           7   Read Token Policies
           8   Read TSV
           9   Read Dualport
          10   Read Dualport Command
          11   Token Info Test
          12   Mechanism Info Test
          16   Read Debug/Trace Information

           0   Exit
----------------------------------------

 

Command 9 is a complete dual-port dump of a SafeNet PCIe HSM, which includes any debug/trace information at the end. This command does not work for SafeNet USB HSM because that HSM is not built around dual-port architecture.

Command 10 attempts to present information from the current command.

Command 16 provides just the debug/trace information for either a SafeNet USB HSM or a SafeNet PCIe HSM. For SafeNet PCIe HSM, this is a much more compact output than is available from command 9. For SafeNet USB HSM, this is all the information available, since there is no dual-port to expose.

The "missing" commands, 13, 14, and 15 appear only in special circumstances. The example that might have some general relevance is where Microsoft IIS is in use, and settings "AppIdMajor=1" and "AppIdMinor=42" are present in the Crystoki.ini file; this causes menu item 15 to appear. Generally, if a menu number does not appear, you do not need it. If in doubt, contact Technical Support.


Verify Successful Installation

If you can run tests

 2  Driver Test 
 3  Communication Test

and

 4  Read Firmware Level

successfully (if they do not return error messages) then the installation was successful.

If there is a problem, check the connections to your HSM.

If there is still a problem, remove and re-install the SafeNet HSM Client software.

If problems persist, contact SafeNet/Gemalto Technical Support.