8.2 Upgrading Access Manager on Windows

8.2.1 Prerequisites

In addition to the following prerequisites, ensure that you also meet the hardware requirements. For more information about hardware requirements, see the component-specific requirements in Section I, Installing Access Manager.

  • Before upgrading, back up your configuration using the ambkup.bat file. For instructions, see Backing Up the Access Manager Configuration in the NetIQ Access Manager 4.2 Administration Guide.

    If the upgrade fails, you need a way to recover your configuration. As a backup can be restored to only the version on which it was created, you must restore your Access Manager components to that version. You can then restore the configuration with the backup file and work with NetIQ Technical Support to solve the upgrade problem before attempting to upgrade again.

8.2.2 Upgrading the Evaluation Version to the Purchased Version

If you have downloaded the evaluation version and want to keep your configuration after purchasing the product, you need to upgrade each of your components with the purchased version. The upgrade to the purchased version automatically changes your installation to a licensed version.

After you have purchased the product, log in to the Novell Customer Center and follow the link that allows you to download the product. Then follow the instructions in Upgrading Access Manager for upgrading components.

8.2.3 Upgrading Access Manager

Log in to the NetIQ Downloads page and follow the link that allows you to download the product.

NOTE: If you have enabled history for risk-based authentication in Access Manager 4.1, you must upgrade the database for risk-based authentication after upgrading to 4.2. You can find the upgrade script here: C:\Program Files (x86)\Novell\Tomcat\webapps\nidp\WEB-INF\RiskDBScript.zip.

MySQL: Run netiq_risk_mysql_upgrade.sql

Oracle: Run netiq_risk_oracle_upgrade.sql

Upgrading Administration Console

If you have installed Administration Console and Identity Server on the same server, you must upgrade both of them at the same time.

  1. Manually back up your current Access Manager configuration using the ambkup.bat file. For instructions, see Back Up and Restore in the NetIQ Access Manager 4.2 Administration Guide.

  2. If the Identity Server is installed on the same server, manually back up the JSP pages and related files in the C:\Program Files (x86)\Novell\Tomcat\webapps\nidp\jsp directory.

  3. If you have customized the tomcat.conf file or the server.xml file, back up these files before upgrading. These files are overwritten during the upgrade process.

    IMPORTANT: We recommend that you have your own backup of customized files.

  4. Run the installation program. When the installation program detects an installed version of the Administration Console, it automatically prompts you to upgrade.

  5. Read the Introduction, then click Next.

  6. Accept the License Agreement, then click Next.

  7. Select the component to upgrade that is currently installed, then click Next.

  8. Type Y and press Enter.

    The system displays an information message to enable Syslog on the Auditing user interface of the Administration Console after the upgrade.

  9. Type Y to continue with the upgrade, then press Enter.

  10. At the upgrade prompt, click Continue.

  11. Specify the following information for the administrator account on the Administration Console:

    Administration user ID: Specify the name of the administration user for the Administration Console.

    Password and Re-enter Password: Specify and re-enter the password for the administration user account.

  12. Decide whether you want the upgrade program to create a backup of your current configuration:

    • If you have a recent backup, click Continue. If you choose to not create a backup when you do not have a recent backup and you then encounter a problem during the upgrade, you may be forced to re-create your configuration.

    • If you do not have a recent backup, click Run Config Backup. The program creates a backup and stores it in the root of the operating system drive in the nambkup directory.

  13. Review the summary, then click Install.

  14. If the upgrade seems to hang and you have been performing other tasks on the desktop, click the installation screen and check for a warning message. Some subcomponents of Access Manager do not send warning messages to the Installation screen when the focus of the mouse is not on the installation window.

  15. When you are prompted, reboot the server.

  16. View the upgrade log file found in the following location:

    C:\Program Files (x86)\Novell\log\AccessManagerServer_InstallLog.log

  17. If the Identity Server is installed on the same server, copy any custom login pages to the C:\Program Files (x86)\Novell\Tomcat\webapps\nidp\jsp directory. For more information, refer to Upgrading Identity Server.

  18. Restore any customized files from the backup taken earlier.

    To restore the files, copy the content of the following files to the corresponding file in the new location.

    server.xml

    If you have customized the server.xml file from the backup taken in 3.2 SP3, 4.0.x or 4.1.x, ensure that you apply the same customizations to the new 4.2 server.xml located in the C:\Program Files (x86)\Novell\Tomcat\conf\ directory.

    The following example shows that the IP address is removed and ciphers added:

    <Connector NIDP_Name="connector" port="8443" address="" ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, ... ../>

    Tomcat properties:

    Go to C:\Program Files\Novell\Tomcat\bin\tomcat7w. Double-click the tomcat7w file and make a note of any elements or attributes customized in 3.2 SP3, 4.0.x or 4.1.x.

    On the 4.2 server, go to C:\Program Files\Tomcat\bin\tomcat8w. Change the values and attributes as required.

Upgrading Identity Server

If you have installed only Identity Server on the server, use the following procedure to upgrade Identity Server.

  1. Manually back up the JSP pages and related files in the C:\Program Files (x86)\Novell\Tomcat\webapps\nidp\jsp directory.

    IMPORTANT: We recommend that you have your own backup of the customized files.

  2. If you have customized the tomcat.conf file or the server.xml file at C:\Program Files (x86)\Novell\Tomcat\conf\, back up these files before upgrading. The registries and the file are overwritten during the upgrade process.

  3. Download the AM_42_AccessManagerService_Win64.exe file from NetIQ and run it.

    This file starts the installation program. When the program detects an installed version of the Identity Server, it automatically prompts you to upgrade.

  4. On the Introduction page, click Next.

  5. Accept the License Agreement.

  6. At the upgrade prompt, click Continue.

  7. Type Y and press Enter.

    The system displays an information message to enable Syslog after the upgrade.

  8. Type Y to continue with the upgrade, then press Enter.

  9. Specify the following information for the Administration Console:

    Administration user ID: Specify the name of the administration user for the Administration Console.

    Password and Re-enter Password: Specify and re-enter the password for the administration user account.

  10. If you have customized login pages, decide whether you want your customized pages restored automatically. Be aware that any new features introduced in JSP files that have the same name as your files are lost when your file overwrites the installed file during the automatic restore.

    You may want to wait until after the upgrade, then compare your customized file with the newly installed file. You can then decide whether you need to modify your file before restoring it.

    NOTE: Ensure that you sanitize the restored customized JSP file to prevent XSS attacks. For more information about how to sanitize the JSP file, see Preventing Cross-site Scripting Attacks in the NetIQ Access Manager 4.2 Administration Guide.

  11. Review the summary, then click Install.

  12. View the upgrade log file found in the following location:

    C:\Program Files (x86)\Novell\log\AccessManagerServer_InstallLog.log

  13. Copy any custom login pages to the C:\Program Files (x86)\Novell\Tomcat\webapps\nidp\jsp directory.

  14. Restore any customized files from the backup taken earlier.

    To restore the files, copy the content of the following files to the corresponding file in the new location.

    server.xml

    If you have customized the server.xml file from the backup taken in 3.2 SP3, 4.0.x, or 4.1.x, ensure that you apply the same customizations to the new server.xml located in the C:\Program Files (x86)\Novell\Tomcat\conf\ directory.

    Also, add the following line to the server.xml file to use the new features on the user portal. For more information about the new user portal, refer to the Access Manager 4.2 Release Notes.

    <Connector NIDP_Name="localConnector" URIEncoding="utf-8" acceptCount="100" address="127.0.0.1" connectionTimeout="20000" maxThreads="600" minSpareThreads="5" port="8088" protocol="HTTP/1.1" />

    The following example shows that the IP address is removed and ciphers added:

    <Connector NIDP_Name="connector" port="8443" address="" ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, ... ../>

    Tomcat properties:

    Go to C:\Program Files\Novell\Tomcat\bin\tomcat7w. Double-click the tomcat7w file and make a note of any elements or attributes customized in 3.2 SP3, 4.0.x, or 4.1.x.

    On the 4.2 server, go to C:\Program Files\Tomcat\bin\tomcat8w. Change the values and attributes as required.

  15. Restart the Tomcat server using the Windows service. Go to Start > Control Panel > System and Security > Administrative Tools > Services.

IMPORTANT: If NetIQ Access Manager is federated with other service providers or if the users are redirected to Access Gateway protected resources from the Identity Server using the target_url, you may see errors regardless of successful authentication. The ConfigUpgrade script enables ‘Allow any target’ for the ‘Intersite Transfer Service’ configuration service for all the service providers.
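
For step 10 of the Identity Server procedure (deciding whether to restore customized login pages), the following PowerShell script is an added example, not part of the NetIQ documentation. It classifies each backed-up JSP against the newly installed tree and counts lines that echo a request parameter unescaped. The function name, status labels, sample files and the regex heuristic are assumptions of this example; the sanitization procedure itself is the one in the Administration Guide.

```powershell
# Added example. Classifies each backed-up JSP against the freshly installed tree.
function Compare-JspTree([string]$BackupDir, [string]$InstalledDir) {
    $base = (Resolve-Path -LiteralPath $BackupDir).Path.TrimEnd('\', '/')
    foreach ($f in Get-ChildItem -LiteralPath $base -Recurse -File) {
        $rel = $f.FullName.Substring($base.Length + 1)
        $target = Join-Path $InstalledDir $rel
        $status = if (-not (Test-Path -LiteralPath $target)) {
            'CustomOnly'            # no installed file of that name: copying only adds it
        } elseif ((Get-FileHash -LiteralPath $f.FullName).Hash -eq (Get-FileHash -LiteralPath $target).Hash) {
            'Identical'             # nothing to restore
        } else {
            'ReviewBeforeRestore'   # restoring would overwrite the newly installed version
        }
        # Heuristic (assumption of this example): a request parameter written
        # straight into the page is the usual XSS sink in a JSP.
        $echo = @(Select-String -LiteralPath $f.FullName -Pattern '<%=\s*request\.getParameter').Count
        [pscustomobject]@{ File = $rel; Status = $status; UnescapedParamEchoes = $echo }
    }
}

# Constructed sample trees so the example runs anywhere; point the function at
# your JSP backup and the installed nidp\jsp directory for real use.
$root = Join-Path ([IO.Path]::GetTempPath()) ('jspcmp-' + [guid]::NewGuid())
$bak = (New-Item -ItemType Directory -Path (Join-Path $root 'backup')).FullName
$new = (New-Item -ItemType Directory -Path (Join-Path $root 'installed')).FullName
Set-Content (Join-Path $bak 'login.jsp')  '<p>Hello <%= request.getParameter("user") %></p>'
Set-Content (Join-Path $new 'login.jsp')  '<p>Hello</p><!-- newer markup -->'
Set-Content (Join-Path $bak 'err.jsp')    '<p>Error</p>'
Set-Content (Join-Path $new 'err.jsp')    '<p>Error</p>'
Set-Content (Join-Path $bak 'banner.jsp') '<img src="logo.png">'

Compare-JspTree $bak $new | Sort-Object File | Format-Table -AutoSize
Remove-Item -LiteralPath $root -Recurse -Force
```

Files reported as ReviewBeforeRestore are the ones an automatic restore would overwrite; a non-zero UnescapedParamEchoes count marks a file to sanitize before it goes back into production.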

Upgrading Access Gateway Service

You can upgrade by using the same installer you used to install the product. The program detects that Access Gateway Service is already installed and prompts you to upgrade.

  1. Download the AM_42_AccessGatewayService_Win64.exe file from NetIQ and run it.

  2. Run the installation program. When the installation program detects an installed version of the Access Gateway, it automatically prompts you to upgrade.

  3. Answer Yes to the prompt to upgrade.

  4. Read the Introduction, then click Next.

  5. Review the Readme information, then click Next.

  6. Accept the License Agreement, then click Next.

  7. Specify the following information:

    User ID: Specify the name of the administration user for the Administration Console.

    Password and Re-enter Password: Specify the password and re-enter the password for the administration user account.

  8. Review the installation summary, then click Install.

    Access Gateway Service is upgraded.

  9. View the log files. The install logs are located in the C:\Program Files\Novell\log and C:\agsinstall.log directories.

  10. Restore any customized files from the backup taken earlier.

    To restore the files, copy the content of the following files to the corresponding file in the new location.

    server.xml:

    If you have customized the server.xml file from the backup taken in 3.2 SP3, 4.0.x, or 4.1.x, ensure that you apply the same customizations to the new server.xml located in the C:\Program Files\Novell\Tomcat\conf\ directory.

    The following example shows that the IP address is removed and ciphers added:

    <Connector NIDP_Name="connector" port="8443" address="" ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, ... ../>

    Tomcat properties:

    Go to C:\Program Files\Novell\Tomcat\bin\tomcat7w. Double-click the tomcat7w file and make a note of any elements or attributes customized in 3.2 SP3, 4.0.x, or 4.1.x.

    On the 4.2 server, go to C:\Program Files\Novell\Tomcat\bin\tomcat8w. Change the values and attributes as required.

  11. Restart the Tomcat server by using the Windows service. Go to Start > Control Panel > System and Security > Administrative Tools > Services.
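
For the server.xml restore steps in all three procedures above (Administration Console, Identity Server, Access Gateway Service), the following PowerShell script is an added example, not part of the NetIQ documentation. It lists every Connector attribute whose backed-up value is missing from the newly installed file, and marks cipher suites that should be reviewed rather than copied forward (RC4 is prohibited for TLS by RFC 7465). The function names, the sample XML, the address 192.0.2.10 and the weak-suite pattern are assumptions of this example.

```powershell
# Added example. Both XML documents are constructed sample input; for real use,
# load files with: [xml](Get-Content -Raw 'path\to\server.xml')
[xml]$backup = @'
<Server><Service>
  <Connector NIDP_Name="connector" port="8443" address=""
             ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA" />
</Service></Server>
'@
[xml]$installed = @'
<Server><Service>
  <Connector NIDP_Name="connector" port="8443" address="192.0.2.10" />
  <Connector NIDP_Name="localConnector" port="8088" address="127.0.0.1" />
</Service></Server>
'@

# Index every <Connector> by NIDP_Name (falling back to its port).
function Get-ConnectorMap([xml]$Doc) {
    $map = [ordered]@{}
    foreach ($c in $Doc.SelectNodes('//Connector')) {
        $key = if ($c.HasAttribute('NIDP_Name')) { $c.GetAttribute('NIDP_Name') } else { 'port-' + $c.GetAttribute('port') }
        $attrs = [ordered]@{}
        foreach ($a in $c.Attributes) { $attrs[$a.Name] = $a.Value }
        $map[$key] = $attrs
    }
    return $map
}

# Report attributes whose backed-up value is not present in the installed file.
function Compare-ServerXml([xml]$Backup, [xml]$Installed) {
    $old = Get-ConnectorMap $Backup
    $new = Get-ConnectorMap $Installed
    foreach ($name in $old.Keys) {
        foreach ($attr in $old[$name].Keys) {
            $o = $old[$name][$attr]
            $n = if ($new.Contains($name)) { $new[$name][$attr] } else { $null }
            if ($o -eq $n) { continue }
            $note = ''
            if ($attr -eq 'ciphers') {
                # RC4, MD5, NULL and EXPORT suites should not be carried forward.
                $weak = @($o -split '\s*,\s*' | Where-Object { $_ -match 'RC4|MD5|NULL|EXPORT' })
                if ($weak.Count) { $note = 'weak: ' + ($weak -join ', ') }
            }
            [pscustomobject]@{ Connector = $name; Attribute = $attr; Backup = $o; Installed = $n; Note = $note }
        }
    }
}

Compare-ServerXml $backup $installed | Format-Table -AutoSize -Wrap
```

Each reported row is a customization to re-apply by hand; rows with a Note call for replacing the listed suites with ones your current TLS policy allows instead of copying the old ciphers value.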