7.4 Upgrading Privileged Account Manager

When you are upgrading Privileged Account Manager, only the individual module packages are upgraded. Hence, the installer file will continue to show the installed version rather than the upgraded version. If you want to view the version of Privileged Account Manager running on all Manager and Agent computers, execute the ./unifi -u <username> -p <password> regclnt status -a -s command on any Privileged Account Manager host. For more information about the command, see Agent Status.


  • Disconnect all Privileged Account Manager sessions to the host on which you are installing the package.

  • Ensure that latest packages are available in the Package Manager. For publishing packages on the Package Manager, see Publishing Packages on the Package Manager.

You must upgrade all PAM manager and agent components. You can upgrade all hosts or selected hosts in the following ways:

7.4.1 Upgrading Through Command Line

You can upgrade Privileged Account Manager by executing certain commands in the agent or the framework manager. To use these upgrade commands, you must have the unifi file in your machine at the location /netiq/npum/bin/. This file is available as part of the Privileged Account Manager ISO. For information about the upgrade commands and its usage, refer Upgrade and Rollback Packages.

7.4.2 Upgrading Through Console

You can upgrade Privileged Account Manager from the console, only if the Enable Package Management Through Host Console is set to Yes in the Package Manager > Settings > Agent Package Management.

To upgrade from the console, perform the following:

  1. Upgrade your Framework Manager:

    1. Click Hosts.

    2. Select the host that is your Framework Manager.

    3. Click Update Packages in the task pane.

      The Framework Patch is displayed. This package must be updated to 3.6 before you can update any other packages. If the Framework Patch package is not displayed, follow the steps in Publishing Packages of Major Releases and add the Framework Patch for your platform.

    4. Select the package, then click Next.

      Ensure that the Credential Vault package (prvcrdvlt) is selected. If you do not update Credential Vault package (prvcrdvlt), you will not be able to manage privileged credentials.

    5. When the package is installed, click Finish.

    6. Click Update Packages in the task pane.

    7. Select all required packages, then click Next.

    8. When the packages are installed, click Finish.

    9. Verify that all packages display a 3.6 version. If they don’t, return to Publishing Packages on the Package Manager and download any missing package.

  2. (Conditional) If there are any new packages introduced in 3.6, you must install those packages on your Framework Manager:

    New package introduced in 3.6 is Task Manager (taskmanager). Task Manager package is required only if you want to rotate resource password using PAM. Before installing the Task Manager package, review the Prerequisites in the Privileged Account Manager Administration Guide.

    1. Click Hosts.

    2. Select the host that is your Framework Manager, use the arrow to display the packages, then select Packages.

    3. Click Install Packages.

    4. Select packages newly added in 3.6 and then click Next.

    5. Click Finish.

  3. Upgrade your agents:

    1. Click Hosts on the home page of the console.

    2. Select the hosts that are agents or select the domain containing the agents.

    3. Click Update Packages in the task pane.

    4. Select the Framework Patch, then click Next.

    5. Click Update Packages in the task pane.

    6. Select the listed packages, then click Next.

    7. When the packages have installed, click Finish.

    8. Verify that all packages display 3.6 version.

7.4.3 Upgrading Using the Privileged Account Manager Installer

You can upgrade Privileged Account Manager Packages using the Privileged Account Manager Installer.


  • You must have the administrator privilege for the unifi module to execute this command in the local agent machine.

  • This method is supported only in Windows computer.

To upgrade Privileged Account Manager:

  1. Download the Privileged Account Manager installation file from the NetIQ Downloads website.

  2. (Conditional) For interactive upgrade, run the following installer file and follow the onscreen prompts:


  3. (Conditional) For silent upgrade, use the following command:

    Syntax: msiexec /i <Installer Filename> /passive USERNAME=<"username"> PASSWORD=<"password"> REINSTALL=ALL REINSTALLMODE=VOMUS

    Example: msiexec /i netiq_pam_manager_3.6.0_x64.msi/passive USERNAME="admin" PASSWORD="novell123" REINSTALL=ALL REINSTALLMODE=VOMUS

    If you have mapped your local account to a Framework Manager user (see Modify User: Native Maps ), you need not specify the user name and password.

    Example: msiexec /i netiq_pam_manager_3.6.0_x64.msi /passive REINSTALL=ALL REINSTALLMODE=VOMUS

    For more information about other msiexec command-line options, see Microsoft documentation.