Upgrade Requirements
Before you start the upgrade process, follow this checklist to ensure you have made the necessary preparations and met the essential upgrade requirements.
Table 13: Upgrade checklist
Back up the current configuration by doing one of the following:
- Export the configuration file using the Import/Export option in General Settings and import the same file after the upgrade.
- Create a copy of the ProgramData folder in C:\ProgramData\One Identity\Password Manager for future reference.
UI customizations will be lost during upgrade. Follow the steps to save the configuration. For more information on saving the configuration, see Import/Export Configuration Settings.
Ensure that you have installed or upgraded the third-party redistributable packages required for the latest version of Password Manager.
Ensure that you know the user name and password for domain management accounts.
For more information on what permissions are required for a domain management account, see Configuring Permissions for Domain Management Account.
Ensure that the Password Manager Service account is a member of the Administrators group on the Web server where Password Manager is installed.
Ensure that in IIS 7.0 or later, the application pool identity account is a member of the IIS_IUSRS local group. This account must also have permissions to create files in the <Password Manager installation folder>\App_Data folder.
Ensure that you know the user name and password for the SQL database account.
This is needed only if the Password Manager Service account is configured to use a special SQL account (different from the Password Manager Service account) to access the SQL database.
Ensure that the account that is used to upgrade Password Manager is a member of the local Administrators group on the server where you upgrade the product.
Ensure that the account that is used to upgrade Password Manager is a member of the database creators (db_creator) fixed role on the SQL server hosting the Password Manager configuration database.
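One way to script the folder backup and the local group and App_Data checks from the checklist above, as an added PowerShell example that is not part of the One Identity documentation. The account names, installation folder and backup location are placeholders you supply, and the account running the script is assumed to be the one that performs the upgrade.

```powershell
# Added example: scripted pre-upgrade checks. Run from an elevated session on the
# Password Manager server. All four parameters are placeholders you supply.
# The SQL account and SQL role items in the checklist are not covered here.
param(
    [Parameter(Mandatory)] [string] $ServiceAccount,   # Password Manager Service account, DOMAIN\name
    [Parameter(Mandatory)] [string] $AppPoolIdentity,  # IIS application pool identity, DOMAIN\name
    [Parameter(Mandatory)] [string] $InstallFolder,    # <Password Manager installation folder>
    [Parameter(Mandatory)] [string] $BackupRoot        # where the backup copy is written
)
$ErrorActionPreference = 'Stop'
$report = [ordered]@{}

# Backup: copy the ProgramData folder to a timestamped folder under $BackupRoot.
$source = 'C:\ProgramData\One Identity\Password Manager'
$target = Join-Path $BackupRoot ('PM-ProgramData-{0:yyyyMMdd-HHmmss}' -f (Get-Date))
New-Item -ItemType Directory -Path $BackupRoot -Force | Out-Null
Copy-Item -LiteralPath $source -Destination $target -Recurse
$report['Backup copy'] = $target

# Direct members only: membership granted through a nested domain group is not expanded.
function Test-DirectMember([string] $Group, [string] $Account) {
    [bool](Get-LocalGroupMember -Group $Group | Where-Object { $_.Name -ieq $Account })
}
$report['Service account in Administrators'] = Test-DirectMember 'Administrators' $ServiceAccount
$report['App pool identity in IIS_IUSRS'] = Test-DirectMember 'IIS_IUSRS' $AppPoolIdentity

# The account running this script is assumed to be the one that performs the upgrade.
$me = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
$report['Upgrade account is local admin'] = $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# App_Data: look for an Allow entry, naming the pool identity or IIS_IUSRS, that
# includes the right to create files. Deny entries and other groups are not evaluated.
$acl = Get-Acl -LiteralPath (Join-Path $InstallFolder 'App_Data')
$create = [Security.AccessControl.FileSystemRights]::CreateFiles
$report['App_Data allows file creation'] = [bool]($acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $create) -and
    $_.IdentityReference.Value -in @($AppPoolIdentity, 'BUILTIN\IIS_IUSRS')
})

[pscustomobject]$report | Format-List
```

Store the backup copy on a volume with restricted access, since it contains the product's configuration data.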
About Secure Password Extension
Secure Password Extension is an application that provides access to the complete functionality of the Self-Service site from the Windows logon screen. Secure Password Extension also provides dialog boxes displayed on end-user computers; these dialog boxes notify users who must create or update their Questions and Answers profiles.
Secure Password Extension is included on the installation CD and is deployed through Group Policy. For information on how to deploy and configure Secure Password Extension on end-user workstations in the managed domain, see Deploying and Configuring Secure Password Extension.
IMPORTANT: Secure Password Extension may be deployed on different workstations by applying different GPOs. This allows you to upgrade Secure Password Extension in several steps, depending on your needs and preferences, rather than on all the workstations at one time.
You can centrally upgrade workstations to the latest version of Secure Password Extension by assigning the software for deployment using Group Policy. It is recommended to remove the existing MSI package from the Software installation list, and then assign the latest-version package.
IMPORTANT: By default, Secure Password Extension uses the URL of the Self-Service site installed on the computer where Password Manager Service runs. You can modify the URL on the General Settings|Realm Instances page of the Administration site.
To remove the existing package and assign the latest-version package
- Remove the assigned package (Quest Secure Password Extension x86.msi or Quest Secure Password Extension x64.msi) from the list of software to be installed.
- Add the latest-version MSI packages to the list of software to be installed.
When upgrading Secure Password Extension, do not forget to upgrade the prm_gina.admx administrative template with the one located in the \Password Manager\Setup\Template\Administrative Template\ folder of the installation CD.
During the upgrade of the prm_gina.admx administrative template, the previously made template settings are preserved and picked up by newer versions.
Upgrading Multiple Instances of Password Manager
This step is optional. It should be performed only if you have installed multiple instances of Password Manager.
To upgrade multiple instances of Password Manager, you need to export the configuration settings from the first configured instance of Password Manager and then import the settings to other instances. You should upgrade all instances of Password Manager to the latest version.
To import configuration settings
- Open the Administration site of the target instance.
- On the menu bar, click General Settings, then click the Import/Export tab and select the Import configuration settings option.
- Click Upload to select the configuration file that you exported earlier.
- Enter the password and click Import.
- Repeat steps 1-4 for other instances of Password Manager.
Upgrading Password Manager
This section describes the process of upgrading Password Manager to the latest version (5.9.7).
NOTE:
- It is recommended to back up the current configuration by exporting the settings from 5.7.1 or later versions. For more information, see To export configuration settings from Password Manager 5.7.1 or later versions.
- Running the Migration Wizard is not required while upgrading from Password Manager 5.7.1 or later versions to 5.9.7.
- If you are upgrading to 5.9.x, it is recommended to reinstall the license file from the Administration site once the upgrade is complete. Before installing the license, delete the existing SoftLicense binary value from the [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Quest Software] registry key.
- Any workflows that were customized in previous versions of Password Manager should be manually merged with the workflow of the latest version of Password Manager to avoid any end-user data corruption.
For example, changes made to the Register workflow (Self-Service workflows), such as the addition or update of any authentication steps to the default configuration, should be manually recreated after the upgrade to PM 5.9.7.
- To update storage files with the new encryption mechanism, all realm instances must be updated with the Password Manager 5.9.7 configuration and must have the same encryption key.
To do this, log in to the PMAdmin site from the primary server and navigate to General Settings > Import/Export > Export. Copy and save the password securely. Import this configuration data into all the PM secondary replication instances by selecting the exported configuration data and providing the password.
- If the secondary instances are not updated with the new configuration, a notification is displayed in the Administration site: "Import configuration settings from primary instance".
In the replication instances, navigate to General Settings > Import/Export > Import, select the exported data from the primary server, and enter the password you saved.
- The Shared.storage file will be encrypted and copied to Active Directory only when all replication instances are updated with the Password Manager 5.9.7 configuration and encryption key.
- When all the realm instances are updated with Password Manager 5.9.7, Q&A profiles of users will be updated with the new encryption key when one of the following is performed:
This section consists of the following topics:
To export configuration settings from Password Manager 5.7.1 or later versions
- Connect to the Administration site by typing the Administration site URL in the address bar of your Web browser. By default, the URL is http://<ComputerName>/PMAdmin/.
NOTE: When prompted to log in, provide your domain user name in a domainname\username format.
- On the left pane of the Admin site, click General Settings, click the Import/Export tab, select the Export configuration settings option, and then click Export.
After you have exported configuration settings from Password Manager 5.7.1 or later versions, you can uninstall it.
To uninstall Password Manager 5.7.1 or later versions
- Click Start, click Run, type appwiz.cpl, and then press ENTER.
- Select One Identity Password Manager x86/x64 in the list, and then click Uninstall.
After you uninstall Password Manager 5.7.1 or later versions, install Password Manager 5.9.7 on the same computer. All configuration settings will be automatically detected by the new version. For more information on how to install Password Manager, see Installing Password Manager.
If you have multiple Password Manager instances installed, when upgrading them, you may experience the following issue: the Realm Instances page of the Administration site displays an incorrect list of installed instances. After you upgrade all instances, the page will display the correct list.