Replacing a lost Tech’s encryption key, or forgotten PassPhrase, or lost MFA

The asymmetric encryption keys that protects all of a Technician’s credentials is protected by a pass phrase. There are a few situation where a tech could lose access to the credentials.

  1. They forget the passphrase
  2. The lose access to the MFA for the TechClient
    1. Check the times on the computer and MFA device to confirm they match before proceeding.
  3. They lose the computer (or it gets destroyed, or stolen) and they get a new computer.

To recover from these situations…if they backed up the encryption keys follow these steps.

  1. Rename (or delete) the c:\users\{user}\RuffianSoftware directory
  2. Open TechClient
  3. Enter a new PassPhrase in the wizard and confirm it
  4. Select Import and choose the saved keys file.
  5. Step through the rest of the Wizard.
  6. As soon as they refresh all the credential information will show up again.

If the tech did not backup the encryption keys follow these steps. Be aware that doing this will lose all the passwords the tech has stored in TechIdManger. That encryption key is the only way to access the stored passwords. Replacing the keys with these steps will regain access to all the Managed accounts on all the agents, by making new passwords for the existing accounts for that tech.

  1. Have a manager go into the management console and on the “techs” sections change the tech’s status to “keychange”
  2. On the Tech’s computer
    1. Rename (or delete) c:\users\{user}\RuffianSoftware
    2. Open TechClient
    3. Go through the Wizard
      1. Put in the correct “Client Guid”
      2. Put in the same “Name”, “First name”, “Last Name”, that they were using previously
      3. New keys will be generated.
      4. Save and upload this information as the last step in the Wizard. This will change the tech to “pending” in the management console.
  3. Have a manager go into the management console and on the “techs” sections change the tech’s status to “active”
  4. The previous accounts will be enabled and new passwords created for this user over the course of the next hour.

If you have any questions or need any assistance, let us know. We are glad to help.

1 thought on “Replacing a lost Tech’s encryption key, or forgotten PassPhrase, or lost MFA”

Comments are closed.