Chat now with support
Chat with Support

Password Manager 5.7.1 - Administration Guide

About Password Manager Getting Started Password Manager Architecture
Password Manager Components and Third-Party Solutions Typical Deployment Scenarios Password Manager in Perimeter Network Management Policy Overview Password Policy Overview Secure Password Extension Overview reCAPTCHA Overview User Enrollment Process Overview Questions and Answers Policy Overview Password Change and Reset Process Overview Data Replication Phone-Based Authentication Service Overview
Management Policies
Checklist: Configuring Password Manager Understanding Management Policies Configuring Access to the Administration Site Configuring Access to the Self-Service Site Configuring Access to the Helpdesk Site Configuring Questions and Answers Policy Workflow Overview Custom Workflows Custom Activities Self-Service Workflows Helpdesk Workflows Notification Activities User Enforcement Rules
General Settings Upgrading Password Manager Secure Password Extension Password Policies Reporting Password Manager Integration Appendixes Glossary About us

Running the Migration Wizard

NOTE: In the Shared.storage file in ProgramData folder of primary instance, verify whether AESEncryption value is true in all hosts. After installing Password Manager 5.7.1 and importing the configuration file into secondary instances, replication from all PM instances takes time to update the hosts’ information and to set AESEncryption value to true. If the AESEncryption value is not true, when you run the Migration Wizard 5.7.1, it displays the error message with the list of hosts which are not updated with Password Manager 5.7.1 configuration.

 

NOTE: Set AESEncryption value to true in all the hosts and run the Migration Wizard 5.7.1 under Password Manager Service account.

To run the Migration Wizard 5.7.1, see To update users’ Q&A profiles with new instance settings.

 

NOTE: In Password Manager 5.6.2, if you are using an existing database, after installing the Password Manager 5.7.1, connect to the database and execute the following query to alter the table:

ALTER VIEW [dbo].[vw_Report_ProfileState] AS

SELECT _RecordID as [ID],

t.n.value('Time[1]', 'datetime') [Time],

t.n.value('ProfileState[1]', 'nvarchar(max)') as [ProfileState],

t.n.value('Profile[1]/Domain[1]', 'nvarchar(max)') as [Domain],

t.n.value('Profile[1]/Id[1]', 'nvarchar(max)') as [UserID],

t.n.value('Profile[1]/DisplayName[1]', 'nvarchar(max)') as [UserDisplayName],

t.n.value('Profile[1]/LogonName[1]', 'nvarchar(max)') as [LogonName],

t.n.value('ForceEnrollStartDate[1]', 'datetime') as [ForceEnrollStartDate],

 

(SELECT MAX(t.n.value('Time[1]', 'datetime')) [Time]

FROM
(SELECT cast(_data as xml) _data

FROM [Data].[Data02c5f92cc8b74ac69cd89cc5d86e6c30]

WHERE (_Deleted <> 1) AND (_RecordTypeID = '978F5B5E-A43D-4FA3-A2A4-6C86E7E6B106')) Main

CROSS APPLY Main._data.nodes('*') t(n)) as SyncFinishDate

FROM

(SELECT cast(_data as xml) _data, _InstanceID, _WhenCreated, _RecordID

FROM [Data].[Data02c5f92cc8b74ac69cd89cc5d86e6c30]

WHERE (_Deleted <> 1) AND (_RecordTypeID = 'EAD9527C-99B3-46C2-9536-304321CAC7A1')) Main

CROSS APPLY Main._data.nodes('*') t(n)

Reset the SQL Server connection in the Administration site (Reporting->Edit Connection) and save it.

 

NOTE: After installing Password Manager 5.7.1, if service account has to be modified, see Modifying the service account .

Modifying the service account

Modifying the service account

NOTE: If you want to modify the service account after installing Password Manager 5.7.1, you cannot modify it by changing the account on Password Manager service because the new account will not be able to read the current configuration.

To modify the service account after installing Password Manager 5.7.1:

  1. On the menu bar, click General Settings, then click the Import/Export tab and export the configuration file of the primary instance of Password Manager.

    NOTE: Due to security enhancements, a complex password is generated while exporting the configuration. You must remember the password or store it in a secure place, to use while importing the configuration.
  2. Stop the Password Manager Service.
  3. At the command prompt, type services.msc and select Password Manager Service in the console and change the log on details.
  4. Start the Password Manager Service.

    NOTE: Before you continue, it is recommended to back up the One Identity folder at C:\ProgramData.
  5. Delete the One Identity folder at C:\ProgramData.
  6. Restart the computer.
  7. Open the Administration site.
  8. On the Instance Initialization page, select Unique instance and click Save.
  9. On the menu bar, click General Settings, then click the Import/Export tab and import the configuration file, which was exported before changing the service account.

Upgrading from Password Manager 5.6.3 (if security patch is not installed)

If the hotfix PasswordManager-5.6.3-SOL213268.exe, is not installed, to upgrade Password Manager 5.6.3 to 5.7.1, install Password Manager 5.7.1 and then follow the general upgrade instructions.

Prerequisites to upgrade to Password Manager 5.7.1:

  • If there are two or more instances of Password Manager in a realm, ensure that replication works between primary and secondary instances of Password Manager. In case of a stand-alone server, it is recommended to enable the replication to avoid any replication issues when new Password Manager instances are added later.
  • If there are two or more instances of Password Manager in a realm, ensure that one of the instances is set as primary and the remaining instances as secondary. Verify it in the Local.storage file present at C:\ProgramData\One Identity\Password Manager. In the file, search for <setting name=”role” value= and ensure that the value parameter for one of the servers or instances is set to Primary and all others are set to Secondary. If all servers display the value as Secondary, then select one as the main server and set it to Primary. For more information see the Knowledge article.
  • Ensure that all the realm instances displayed under Realm Instances section of the General Settings on Administration site are in use. If any of the unused instances are displayed, then remove those instances from the realm by clicking on the Remove link of the corresponding instances.

NOTE: After upgrade, the storage version of all the storage files are updated to a newer version. Hence it is not possible to rollback.

To upgrade to Password Manager 5.7.1, see To upgrade to Password Manager 5.7.1

 

NOTE: After installing Password Manager 5.7.1, if service account has to be modified, see Modifying the service account .

NOTE: For details regarding the points to be taken care while installing Password Manager 5.7.1, see Important notes for upgrading to Password Manager 5.7.1.

Upgrading Secure Password Extension

You can centrally upgrade workstations to the latest version of Secure Password Extension by assigning the software for deployment using Group Policy. It is recommended to remove the existing MSI package from the Software installation list, and then assign the latest-version package.

To remove the existing and assign a latest-version package

  1. Remove the assigned package (Quest One Secure Password Extension x86.msi or Quest One Secure Password Extension x64.msi) from the list of software to be installed.
  2. Add the latest-version MSI packages to the list of software to be installed.

When upgrading Secure Password Extension, do not forget to upgrade the prm_gina.adm(x) administrative template with the one located in the \Password Manager\Setup\Administrative Template\ folder of the installation CD.

During upgrade of prm_gina.adm(x) administrative template, the previously made template settings are preserved and picked up by newer versions.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating