5.3 Upgrading Secure Configuration Manager

This section provides requirements and instructions for upgrading to Secure Configuration Manager 6.0.

5.3.1 Preparing to Upgrade

Before upgrading Secure Configuration Manager, you need to prepare the environment through the following steps.

To prepare your environment for upgrade:

  1. Verify that the version of Secure Configuration Manager currently running in your environment is supported by the upgrade process. For more information, see Section 5.1, Secure Configuration Manager Upgrade Checklist.

  2. To ensure a clean snapshot of your Secure Configuration Manager database, close all consoles and shut down Core Services. Follow these steps to shut down Core Services:

    1. Log on to the Core Services computer.

    2. Click Services in the Administrative Tools program folder, and then click NetIQ Core Services.

    3. On the Action menu, click Stop.

  3. Using Microsoft SQL Server Enterprise Manager, ensure no users are connected to the Secure Configuration Manager database.

  4. Back up your Secure Configuration Manager database. For more information, see the Microsoft SQL Server documentation.

  5. Ensure the free disk space allocated for the database upgrade is at least four times the size of the current VigilEnt.mdf file. By default, you can find the VigilEnt.mdf file at C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data.

  6. To ensure that the Browser Service is running in SQL Server, complete the following steps:

    1. Open SQL Server Configuration Manager.

    2. In the left pane, select the SQL Server services.

    3. In the right pane, ensure SQL Server Browser is set to Running.

    4. (Conditional) If the SQL Server Browser is stopped, select SQL Server Browser, and on the Action menu, click Start.

  7. To ensure that the TCP/IP protocol is enabled in SQL Server, complete the following steps:

    1. In the left pane, expand SQL Server 2005 Network Configuration and select Protocols for <database server name>.

    2. In the right pane, ensure that TCP/IP is set to Enabled.

    3. (Conditional) If the TCP/IP protocol is disabled, select TCP/IP, and on the Action menu, select Enable.

  8. Before you run the upgrade program, ensure that no users are connected to the database and no Secure Configuration Manager consoles are running. The database upgrade fails if users attempt to connect to the database at any time during the upgrade process.

5.3.2 Stop Scheduled Jobs Before Upgrade

You cannot run scheduled jobs during the upgrade of Secure Configuration Manager. Scheduled jobs that complete or start during the upgrade process indicate a zero score upon completion. You must run the jobs again.

To stop pending jobs:

  1. In the Pending jobs queue, right-click the job.

  2. On the context menu, click Cancel.

To prevent jobs from running:

  1. In the Scheduled jobs queue, right-click the job.

  2. On the context menu, click Disable.

  3. After upgrading Secure Configuration Manager, right-click the job in the Scheduled jobs queue.

  4. On the context menu, click Enable.

5.3.3 Upgrading Secure Configuration Manager

If a Windows agent exists on the Core Services computer, the setup program upgrades the agent. Otherwise, the setup program installs and registers a new Windows agent on the computer. The new agent and the endpoint representing the computer’s operating system become a managed system in your asset map.

To upgrade Secure Configuration Manager:

  1. Ensure that you have prepared your environment for upgrade. For more information, see Section 5.3.1, Preparing to Upgrade.

  2. Ensure that the computers on which you want to upgrade Secure Configuration Manager components meet the specified requirements. For more information, see Section 2.0, Planning to Install Secure Configuration Manager and Step 5 of Section 5.3.1, Preparing to Upgrade.

  3. To upgrade Core Services and the Secure Configuration Manager database, complete the following steps:

    1. Log on to the Core Services computer with the appropriate permissions:

      • (Conditional) If Core Services and the database are installed on the same computer, log on as a user with local administrator rights.

      • (Conditional) If Core Services and the database are installed on different computers, you must log on to the Core Services computer with an account that has administrator rights in SQL Server.

        NOTE:If Core Services and the Secure Configuration Manager database are installed on different computers, the Secure Configuration Manager installation kit detects the database location and upgrades it along with Core Services.

    2. Exit all programs that are open on the computer.

    3. Run the setup program from the root folder of the Secure Configuration Manager installation kit.

    4. Select Upgrade and then click Next.

    5. Follow the instructions in the wizard until you have finished upgrading the product.

    6. (Conditional) If the upgrade process prompts you to install the Windows agent, you must specify a run-as account for the Windows agent service. For more information about the Windows agent service and permissions, see the Installation and Configuration Guide for NetIQ Secure Configuration Manager Windows Agent.

    7. Do not stop or start Core Services until the upgrade process completes.

      After the upgrade window closes, Secure Configuration Manager continues to run the upgrade processes.

  4. To upgrade consoles, complete the following steps on each console computer:

    1. Log on to the console computer with an administrator account.

      NOTE:You must wait until the database upgrade completes before you can log on to a Secure Configuration Manager console.

    2. Exit all programs open on the computer.

    3. Run the setup program from the root folder of the Secure Configuration Manager installation kit.

    4. (Conditional) If you accept the terms in the license agreement, click Accept and then click Next.

    5. Select Upgrade and then click Next.

    6. Follow the instructions in the wizard until you have finished installing the product.

  5. Once you have completed the upgrade, re-run the AutoSync wizard in Secure Configuration Manager to download the latest security knowledge. For more information about the AutoSync feature, see Section 5.4, Updating Security Knowledge and the User Guide for NetIQ Secure Configuration Manager.

Troubleshooting Database Upgrade Failure

If your database upgrade fails due to a power outage, users connecting to the database during upgrade, or other errors, restore the database backup you made prior to upgrade and run the database upgrade again. You can find information to help you troubleshoot database issues in the log files. To access your log files, enter %TEMP% in the Windows Run command window. For information about restoring a database, see the Microsoft SQL Server documentation.

Upgrading Active Directory Endpoints

Secure Configuration Manager has an endpoint type for Active Directory computers. If you currently have Active Directory endpoints configured as Windows Domain endpoints, you can save them as Active Directory endpoints once you have upgraded. However, the upgrade does not automatically convert those endpoints to Active Directory endpoints. To save an endpoint as an Active Directory endpoint, delete the original Windows Domain endpoint and re-add the endpoint as an Active Directory endpoint. For more information about discovering and adding Windows Domain or Active Directory endpoints, see the User Guide for NetIQ Secure Configuration Manager and the Installation and Configuration Guide for NetIQ Secure Configuration Manager Windows Agent .