How to recover a SPAS system (MFA server only/no FIDO)

If you lose an on-premises SPAS server, here is what you will need in order to recover it.

To recover a SPAS system (MFA server only/no FIDO)

Required for full recovery:
  • Backup copy of the SQL DB
  • Backup copy of the web.config and site.lic (or the whole SurePassID folder, which includes the code and the web.config/site.lic)
  • Replacement server system with the needed pre-reqs/components:
    • Windows Server 2019 or later
    • SQL Express or better
    • If a managed service account is used for SQL access, the new server must be given access to that account and/or added to the group that grants it
    • .NET 4.8
    • IIS web services enabled, with the ASP/ASP.NET features enabled in the "Application Development" section of the IIS setup
  • DNS updated to point to the new server's IP
  • Valid IIS trusted certificate with the needed host names (e.g. mfa.domain.com)
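Before starting the restore it is worth verifying the prerequisites above in one pass rather than discovering a missing one after the DB has been swapped. The following PowerShell script is an added example and is not part of SurePassID's own tooling; the host name and the expected IP are placeholders you replace with your own values, and the SQL check assumes SQL Server runs on the same host (skip it if the DB is remote). The .NET 4.8 check uses the documented registry Release value (528040 or higher).

```powershell
# Added example (not SurePassID's tooling): check the recovery prerequisites on the
# replacement server. $HostName and $ExpectedIp are assumed placeholders.
#Requires -RunAsAdministrator
param(
    [string]$HostName   = 'mfa.domain.com',   # host name the site will answer on
    [string]$ExpectedIp = '10.0.0.10'         # constructed placeholder: the new server's IP
)

$results = @()
function Add-Check([string]$Name, [bool]$Ok, $Detail) {
    $script:results += [pscustomobject]@{ Check = $Name; Ok = $Ok; Detail = "$Detail" }
}

# Windows Server 2019 or later (Server 2019 is build 17763)
$os = Get-CimInstance Win32_OperatingSystem
Add-Check 'Server 2019 or later' ([int]$os.BuildNumber -ge 17763) "$($os.Caption) build $($os.BuildNumber)"

# .NET Framework 4.8 or later: registry Release value 528040 or higher
$ndp = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction SilentlyContinue
Add-Check '.NET 4.8' ($null -ne $ndp -and $ndp.Release -ge 528040) "Release=$($ndp.Release)"

# IIS with the ASP.NET features from the "Application Development" section
Import-Module ServerManager
foreach ($f in Get-WindowsFeature Web-Server, Web-Asp-Net45, Web-Net-Ext45, Web-ISAPI-Ext, Web-ISAPI-Filter) {
    Add-Check "Feature $($f.Name)" $f.Installed $f.InstallState
}

# A local SQL Server instance (Express or better); omit this check when SQL is remote
$sql = Get-Service -Name 'MSSQL*' -ErrorAction SilentlyContinue
Add-Check 'SQL Server service' ($null -ne $sql) (($sql | ForEach-Object Name) -join ',')

# DNS already resolves the MFA host name to this server
$dns = Resolve-DnsName $HostName -Type A -ErrorAction SilentlyContinue
Add-Check 'DNS points at new IP' ($dns.IPAddress -contains $ExpectedIp) (($dns.IPAddress) -join ',')

# An unexpired certificate with a private key that covers the host name and chains to a trusted root
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.NotAfter -gt (Get-Date) -and $_.HasPrivateKey -and
    ($_.DnsNameList.Unicode -contains $HostName -or $_.Subject -like "*CN=$HostName*")
}
$trusted = $cert | Where-Object { $_.Verify() }
Add-Check 'Trusted certificate for host' ($null -ne $trusted) (($trusted | ForEach-Object Thumbprint) -join ',')

$results | Format-Table -AutoSize
if ($results.Ok -contains $false) { Write-Warning 'Fix the failed checks before restoring the DB and config.' }
```

Run it once on the replacement server after the OS roles are installed; every row should show Ok = True before you continue with the steps below.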
Steps to recover:

  • Install the SPAS software on the new server using the same version as the original SPAS
  • In the IIS Manager:
    • Adjust the app pool identities in IIS if using a managed service account
    • Bind the IIS site to the correct host name and use the correct certificate for SSL
  • In SQL Management Studio:
    • Rename the newly installed DB to DB-Delete or similar, as you will be deleting it once all is complete
    • Restore the backed-up DB, making sure it has the same name as the original DB
    • Add the original SQL login account (SQL account or managed service account) and assign it the db_owner role for the restored DB
  • Restore the files:
    • If the entire folder was backed up, stop the IIS service/site, replace the newly installed SPAS/MFA server folder with the contents of the backup (overwriting the existing files), and restart the IIS service/site
    • Otherwise, make a backup of the newly installed web.config just in case, then replace the web.config in the MFA server's newly installed main folder with the backed-up copy
    • Copy the site.lic file from the backup to the MFA server's BIN folder
  • Confirm the site is accessible via the DNS name in the browser and sign in
  • Delete the renamed DB and the extraneous login, if present
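The steps above, carried out from PowerShell on the new server, as an added example that is not SurePassID's own procedure or tooling. Every value in the variable block is an assumed placeholder (IIS site name, install folder, backup folder, SQL instance, DB name, service account, certificate thumbprint); the DB name must match the original DB's name exactly. The script also covers two details the step list leaves implicit: renaming a database does not rename its physical files, so the backup is restored WITH MOVE to fresh file names to avoid a clash with the renamed copy, and a user carried inside the restored DB from the old server is re-mapped to the login on this server rather than created twice.

```powershell
# Added example (not SurePassID's procedure): restore DB, web.config and site.lic onto a
# freshly installed SPAS/MFA server. All values below are assumed placeholders.
#Requires -RunAsAdministrator
$ErrorActionPreference = 'Stop'
Import-Module WebAdministration
Import-Module SqlServer                               # provides Invoke-Sqlcmd

$SiteName   = 'SurePassID'                           # assumed IIS site name
$SpasRoot   = 'C:\inetpub\SurePassID'                # assumed MFA server install folder
$BackupRoot = 'D:\Backups\SPAS'                      # assumed folder holding the backup copies
$SqlServer  = 'localhost\SQLEXPRESS'                 # assumed SQL instance
$DbName     = 'SurePassID'                           # assumed; MUST equal the original DB name
$SqlLogin   = 'DOMAIN\svc_spas$'                     # assumed managed service account (gMSA)
$HostName   = 'mfa.domain.com'                       # host name from the page
$Thumbprint = 'REPLACE_WITH_CERT_THUMBPRINT'         # placeholder for the trusted cert
$Bak        = "$BackupRoot\$DbName.bak"              # assumed backup file name

# 1. Take the site offline while the DB and files are swapped
Stop-WebSite -Name $SiteName

# 2. Move the freshly installed DB out of the way under a "-Delete" name
Invoke-Sqlcmd -ServerInstance $SqlServer -Query @"
ALTER DATABASE [$DbName] SET SINGLE_USER WITH ROLLBACK IMMEDIATE;
ALTER DATABASE [$DbName] MODIFY NAME = [$DbName-Delete];
ALTER DATABASE [$DbName-Delete] SET MULTI_USER;
"@

# 3. Restore the backup under the ORIGINAL name. The renamed DB still owns the original
#    .mdf/.ldf paths, so relocate each file with MOVE instead of letting RESTORE reuse them.
$files   = Invoke-Sqlcmd -ServerInstance $SqlServer -Query "RESTORE FILELISTONLY FROM DISK = N'$Bak';"
$dataDir = (Invoke-Sqlcmd -ServerInstance $SqlServer -Query "SELECT CONVERT(nvarchar(260), SERVERPROPERTY('InstanceDefaultDataPath')) AS p;").p
$move = ($files | ForEach-Object {
    $ext = if ($_.Type -eq 'L') { 'ldf' } else { 'mdf' }
    "MOVE N'$($_.LogicalName)' TO N'$dataDir$($DbName)_restored_$($_.LogicalName).$ext'"
}) -join ', '
Invoke-Sqlcmd -ServerInstance $SqlServer -QueryTimeout 0 -Query "RESTORE DATABASE [$DbName] FROM DISK = N'$Bak' WITH $move, RECOVERY;"

# 4. Ensure the original login exists and owns the restored DB. A user of the same name may
#    already be inside the restored DB (orphaned by the move); re-map it rather than re-create it.
Invoke-Sqlcmd -ServerInstance $SqlServer -Query @"
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'$SqlLogin')
    CREATE LOGIN [$SqlLogin] FROM WINDOWS;
"@
Invoke-Sqlcmd -ServerInstance $SqlServer -Database $DbName -Query @"
IF EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'$SqlLogin')
    ALTER USER [$SqlLogin] WITH LOGIN = [$SqlLogin];
ELSE
    CREATE USER [$SqlLogin] FOR LOGIN [$SqlLogin];
ALTER ROLE db_owner ADD MEMBER [$SqlLogin];
"@

# 5. Keep the fresh web.config as a fallback, then drop in the backed-up config and license
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
Copy-Item "$SpasRoot\web.config" "$SpasRoot\web.config.fresh-$stamp"
Copy-Item "$BackupRoot\web.config" "$SpasRoot\web.config" -Force
Copy-Item "$BackupRoot\site.lic"   "$SpasRoot\bin\site.lic" -Force

# 6. App pool identity: the managed service account (no password for a gMSA)
$pool = (Get-Item "IIS:\Sites\$SiteName").applicationPool
Set-ItemProperty "IIS:\AppPools\$pool" -Name processModel -Value @{ identityType = 'SpecificUser'; userName = $SqlLogin; password = '' }

# 7. HTTPS binding on the host name (SNI) with the trusted certificate from the machine store
if (-not (Get-WebBinding -Name $SiteName -Protocol https -HostHeader $HostName)) {
    New-WebBinding -Name $SiteName -Protocol https -Port 443 -HostHeader $HostName -SslFlags 1
}
(Get-WebBinding -Name $SiteName -Protocol https -HostHeader $HostName).AddSslCertificate($Thumbprint, 'My')

# 8. Bring the site back and confirm it answers on the DNS name; sign in through the browser,
#    then drop the renamed DB once everything checks out.
Start-WebSite -Name $SiteName
$resp = Invoke-WebRequest -Uri "https://$HostName/" -UseBasicParsing
"Site answered HTTP $($resp.StatusCode). After a successful sign-in run: DROP DATABASE [$DbName-Delete];"
```

If you restored the whole SurePassID folder from backup instead of just web.config and site.lic, replace step 5 with a copy of that folder over `$SpasRoot` while the site is still stopped; the DB, identity and binding steps are unchanged.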

The critical pieces are the web.config, the DB, and the site.lic (we can reissue a site.lic if needed).

The above is specifically for restoring just the SPAS (MFA) server, not the API, FIDO, or SAML2 components.