Troubleshooting

Imprivata log data can be sent from a thin client to Imprivata Customer Support to assist in diagnosing and resolving issues with your environment.

For the log files to be useful to Imprivata Customer Support, the unexpected behavior must have occurred on this thin client. If necessary, re-create the issue to capture a record of the issue in the log file.

The log files are located here:

  • /usr/lib/imprivata/runtime/log/OneSignAgent.log— Logs actions starting at the login screen, such as authentication and Virtual Desktop Access information.

NOTE: If these log files grow larger than 2.5MB, additional files are created automatically: OneSignAgent.log.1, and so on. Ten log files is the maximum, 25MB total.

To deliver the log files to Imprivata Customer Support, copy these files from their default location to an FTP site or USB storage. When a USB thumb drive is inserted into a thin client, the default location is \media.

You can use the ProveID Embedded configuration editor to enable the disable-certificate-checking parameter. This allows access to the virtual desktop even when the Imprivata appliance root certification authority (root CA) certificate is expired or removed. This parameter has no effect on agent upgrades and downgrades; the root CA must be present on thin clients when upgrading and downgrading the Imprivata agent.

To install the root CA, see Upload the SSL Certificate to Thin Clients.

  • The Imprivata agent cannot be installed if the root CA is not present on the thin client.
  • If the root CA expires or is removed after the Imprivata agent is installed, access to the virtual desktop will fail at the next user switch or desktop lock.
  • If the root CA expires or is removed, and certificate checking is turned off, access to the virtual desktop will not fail, but the thin client cannot be upgraded or downgraded until the valid root CA is present. The thin client will continue to run the current release.

NOTE: The DEA requires a valid root CA for secure communication with the Imprivata appliance when e-prescribing controlled substances with Imprivata Confirm ID.

Plugging in a USB drive can trigger an HP administrator password prompt that obscures the virtual desktop. Prevent this behavior in the HP ThinPro Control Center:

  1. Go to the ThinPro Control Center:

  2. Click the wrench button > Setup > Customization Center > Desktop.

  3. Deselect Authenticate USB Update.

  4. Click Apply and OK.

IGEL thin clients do not recognize USB storage devices by default. To enable USB storage devices:

  1. In the IGEL setup utility, select Profile > Configuration > Devices > Storage Devices > USB Storage Hotplugs

  2. Set the Number of USB Storage Hotplugs to 1.

  3. Click Save.

    BEST PRACTICE: To secure your thin client environment, reset this value to 0 after your implementation is complete.

On IGEL thin clients running 11.04.130, the 'single-application-kiosk=True' added under [agent.vdi] section in the Imprivata.conf file is removed on reboot.

To work around this issue:

  1. In the [agent.vdi] section in the Imprivata.conf file, set the 'single-application-kiosk=True'.
  2. In IGEL, use the setup menu to select Single-application-kiosk in the registry on IGEL.