It is recommended to upgrade when the user’s activities are low. The period of upgrade must be reduced as the replication of databases that do not synchronize can break the DB servers.
Officially support for Advanced Authentication 5.4 and prior version has concluded according to https://www.microfocus.com/lifecycle/ mainstream support. NetIQ now supports the upgrade for Advanced Authentication 5.5 and newer versions.
To upgrade Advanced Authentication 5.5 and newer versions, perform the following steps:
Create snapshots for all the Advanced Authentication servers.
Check System requirements and increase the RAM to 4GB if you have allocated less amount of RAM to the server.
Open the Advanced Authentication Administrative Portal in the Global Master server and go to the Updates section.
Click Update to apply the Operating System updates.
An error Database is restarting (AuError) might be displayed. Wait to check for updates.
Click Check for updates and then Update.
After you upgrade, an error UnpicklingError invalid load key, 'W'. (Internal Server Error) can occur in the Advanced Authentication Administrative Portal due to expired cookies. The workaround is to clear the browser's cookies and try again.
In the menu on the top, click an administrator's username and select Reboot.
Log in to the Advanced Authentication Administrative Portal on the upgraded server.
Switch to the Cluster section and click Conflicts to check and resolve any conflicts.
Repeat steps Step 2 to Step 7 for DB servers and for Step 2 to Step 6 Web servers.
IMPORTANT:If you use Advanced Authentication server as a RADIUS server and have configured different RADIUS clients in different Advanced Authentication sites, then after upgrading to 5.6 Patch Update 1, the RADIUS configuration will be synchronized between the sites. You must add all the RADIUS clients in a single site. The configuration will be replicated to the servers in other sites.
WARNING:If you deny access to some of the Advanced Authentication server URLs with firewall, you must update rules because of a fix All Advanced Authentication Portals Require Access to /admin/api in the Advanced Authentication Patch Update 1. Advanced Authentication no longer requires /admin/api to access the Advanced Authentication portal. Instead, the server uses /user/api.
If you upgrade from 5.5 Patch Update 1 and previous versions and if you have used the Multitenancy feature previously, then you must add a new license with the Multitenancy support and restart all the Advanced Authentication servers. Ensure that you get the new license before you perform the upgrade.
Ignore the Advanced Authentication Administrative portal error messages displayed for non-upgraded servers when DB master is already upgraded.
NOTE:If you performed an upgrade for a DB server and you are unable to log in to the Advanced Authentication Administrative portal, perform the following steps:
Ensure that you are able to log in to the Administrative portal on the Global Master server.
Turn off the Global Master server.
Wait until all other servers are available.
Start the upgrade on all other servers with the above instructions simultaneously.
NOTE:After you upgrade to 5.6 Patch Update 4, the Database (DB) slave servers are susceptible to a replication conflict. To resolve this conflict, click Fix in the Conflicts section on both the DB master and slave servers. Such conflicts will not occur again.