2.6 MyID startup

If you are using an HSM that requires password entry, you can use the Card Manager Startup utility on the application server to enter your HSM credentials and control the operation of the MyID eKeyServer service that secures the MyID application.

Note: You must set the Startup utility to run when the MyID application server starts up.

2.6.1 Using the Startup utility

To start the utility:

  1. Open the Windows Start menu.
  2. In the MyID group, select Startup.
  3. Locate the Startup icon in the Windows Start menu, right-click and select Run as Administrator.

    The Startup utility now starts. The logged-on user must have permission to access the MyID database and stop or start the eKeyServer service.

You can also set the Startup utility to run as administrator when the system starts up. See your Windows documentation for details. For example, in Windows 2016, create a shortcut to the utility in:

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp

Right-click the shortcut, select Properties, then on the Compatibility tab select Run this program as an administrator.

2.6.2 Using Startup with an HSM-based master key

When you log on to Windows on the server, the MyID Startup utility should run automatically. If it does not, select Startup from the MyID folder of the Start menu.

  1. The Startup box is displayed.

    [Figure: Startup nShield HSM]

    If the eKeyServer service is already running, a warning message is displayed and only the Cancel button is active.

  2. Depending on the type of user created on the HSM, you must do one of the following:

    • If the user was created with No Authentication, type the username.
    • If the user was created with PIN Authentication, type the username, then a space, then the PIN.
    • If the user was created with Smartcard Authentication:

      1. Type the username.
      2. Insert the smart card into the HSM card reader.
      3. Enter the PIN on the PIN-Pad on the HSM card reader when the green light flashes.

    Note: You cannot use the Cache keys option for an HSM-based master key. If you want to set up unattended startup, you must configure this when you first run GenMaster, if your HSM supports it.

  3. The Startup utility then starts the eKeyServer service, which takes a few seconds.

    The message “Key Server is now active” is displayed when the service has successfully started.

  4. Click Close.
  5. The system tray shows the status of the eKeyServer service. A gray icon indicates that the service is not running. Right-click the icon to display the pop-up menu:

    • Start to start the eKeyServer service.
    • Stop to stop the eKeyServer service.
    • Restart to stop the eKeyServer service and then restart.
    • Exit to exit the Startup application, leaving the eKeyServer service running.

2.6.3 Startup utility procedure

The Card Manager Startup utility requires the appropriate permissions to carry out its processes. The utility carries out the following steps – you must make sure that your users are configured with the correct permissions for each step.

  1. The utility reads the registry.

    For the Mastercard key in the registry, and any subkey beneath it:

    • The MyID COM+ user needs read access.
    • Any user that logs onto the application server to use the utility needs read access.
    • On the rare occasions when MyID needs to change the Mastercard part of the registry, both the MyID COM+ user account and the logged-on user require full control of the Mastercard key and its subkeys. Situations that require this part of the registry to be updated include:

      • Running GenMaster for the first time.
      • Using the cache keys feature where master cards have previously been used.

    The Mastercard key is located in the following part of the registry on the application server:

    HKEY_LOCAL_MACHINE\SOFTWARE\Intercede\Edefice\MasterCard

  2. The utility launches the Edefice_DAL component and pulls back configuration information from the database.

    This is launched by the utility using the logged-on user account’s permissions.

  3. The utility attempts to start the eKeyServer service.

    Again, this uses the permissions of the logged-on user account.
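
The permissions described in the steps above can be reviewed with a read-only audit such as the following. This is an added example, not part of the MyID documentation or Intercede's tooling; it assumes the Windows service name is eKeyServer, and the function name Get-MasterCardAclReport is made up for the illustration.

```powershell
# Added example (not Intercede code): read-only audit of the permissions the
# Startup utility depends on. Assumption: the Windows service name is 'eKeyServer'.
$KeyPath     = 'HKLM:\SOFTWARE\Intercede\Edefice\MasterCard'
$ServiceName = 'eKeyServer'

function Get-MasterCardAclReport {
    param([Parameter(Mandatory)][string]$Path)
    $readKey     = [int][System.Security.AccessControl.RegistryRights]::ReadKey
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    # The MasterCard key itself plus every subkey beneath it
    $keys  = @(Get-Item -LiteralPath $Path -ErrorAction Stop)
    $keys += @(Get-ChildItem -LiteralPath $Path -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        foreach ($ace in (Get-Acl -LiteralPath $key.PSPath).Access) {
            # Skip ACEs that only propagate to children and do not apply to this key
            if (($ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }
            $rights = [int]$ace.RegistryRights
            [pscustomobject]@{
                Key        = $key.Name
                Identity   = $ace.IdentityReference.Value
                Type       = $ace.AccessControlType
                Rights     = $ace.RegistryRights
                HasRead    = ($rights -band $readKey) -eq $readKey
                # True when the ACE covers anything outside ReadKey (write, delete, full control)
                BeyondRead = ($rights -band (-bnot $readKey)) -ne 0
                Inherited  = $ace.IsInherited
            }
        }
    }
}

$report = Get-MasterCardAclReport -Path $KeyPath
$report | Sort-Object Key, Identity | Format-Table -AutoSize

# Principals allowed more than read. Full control is only needed when MyID has to
# change this part of the registry (first GenMaster run, cache keys); review the rest.
$report | Where-Object { $_.Type -eq 'Allow' -and $_.BeyondRead } |
    Select-Object Key, Identity, Rights, Inherited

# Steps 2 and 3 run with the logged-on user's permissions, so record who that is
# and whether the session is elevated, then show the current service state.
$id        = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object System.Security.Principal.WindowsPrincipal($id)
$elevated  = $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
'{0} elevated={1}' -f $id.Name, $elevated
Get-Service -Name $ServiceName -ErrorAction SilentlyContinue | Select-Object Name, Status
```

The report lists access control entries as they are stored on each key, so an account that gets its access through group membership appears under the group's name rather than its own.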