Chat now with support
Chat with Support

Password Manager 5.10.1 - How-to Guide

Overview Licensing Upgrading Secure Password Extension Password Policy Manager Configuration Reinitialization Reports Starling 2FA Customizations Troubleshooting

Is it possible to upgrade the Password Manager servers first and then the SPE (Secure Password Extension) at a later time?

Yes, it is possible for older SPE versions to communicate with Password Manager but in a very limited capacity.

The only option available for older SPE clients is the “Forgot My Password” link on the Windows logon screen. Options such as Registration are not supported.

To be able to accommodate this scenario, you can perform any of the following options:

  1. Leave one old Password Manager server live so that the old SPE clients can still reach it.
  2. Create a GPO using the Password Manager ADM template to force the Self Service URL to the new server

NOTE: Older SPE clients will work with the new Self Service site, but only if URL redirection is enabled.
  1. Update DNS to have the old Password Manager server IP updated to the new server IP.

It is recommended to upgrade the SPE clients as soon as possible to avoid having the overlap.

Is it possible to roll back after the upgrade?

Once you upgrade to 5.10.1, it is not possible to roll back due to the security enhancements implemented. The configuration is encrypted in a new manner, along with all of the user profiles.

The only possible roll back option is to use a product such as Quest Recovery Manager for Active Directory (RMAD) to backup prior to upgrading, and then restore the "comment" attribute for all users after you have restored the Password Manager configuration to the pre-upgrade version.

Does Password Policy Manager have to be upgraded on the Domain Controllers?

Password Policy Manager must also be upgraded on all Domain Controllers. Note that the Domain Controllers must be rebooted.

 NOTE: Although an older version of the components such as the SPE and Password Policy Manager may work with later Password Manager server versions, it has not been fully tested and is not officially supported.

Upgrading from Password Manager 5.5.3 or later versions

Upgrading from Password Manager 5.7.1 or later versions

  1. Navigate to the old Password Manager version 5.7.1 or later. Admin site and Export the Configuration from the 5.7.1 or later instance. Navigate to General Settings > Import/Export. Click on Export Configuration Settings from the dropdown option. Enter a password, and click Export.
  2. Uninstall the exiting installation of Password Manager from Programs and Features in Control Panel.
  3. Install Password Manager 5.10.1 on the server by launching Autorun within the installation media and walking through the installation wizard.
  4. In the Password Manager Admin site, navigate to General Settings | Import/Export.
  5. Click on the Export Configuration Settings option and choose Import Configuration Settings.
  6. Click Upload and select the Export settings from Step 1.
  7. Verify that the settings have been successfully imported to the new installation.
  8. A reboot of the server is recommended.
  9. If Reporting was configured in previous versions (5.7.1 or later), navigate to Reporting in the Admin site.
  10. Click Disconnect Servers and click Ok.
  11. Click Edit Connections.
  12. Follow the wizard to create a new database and enter the SQL Reporting information.

  13. After the configuration is confirmed, run the included Migration Wizard located in the installation source under \Password Manager\Setup\Migration Wizard. The file is QPM.MigrationWizard.exe.

    		 NOTE: The Migration Wizard must be run as the account running Password Manager service as only that account will have the ability to update and re-encrypt the user profiles.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating