ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

SCSP/SDCS:SA upgrade of manager fails after upgrade.

book

Article ID: 161283

calendar_today

Updated On:

Products

Critical System Protection Data Center Security Server Critical System Protection Client Edition Data Center Security Server Advanced

Issue/Introduction

After upgrading the manager and console customer cannot log into the manager and agents are not connecting as well.

Failed login popup from the console when trying to login to the manager.

Sis-console.log file contains error message reported by customer i.e. 53 2014-10-07 18:35:22.836 [ERROR] [LoginHandler:55] java.sql.SQLException: Invalid column name 'Salt'

Cause

The first management server installed in an environment builds out the SCSPDB data base and then installs the server.exe binaries on the local system. When adding additional managers we use what we call a Tomcat only install this just installs the server.exe binaries to the local system and does not touch the SQL data base or even check the SQL schema.

 
During the upgrade process we check if the current installation is tomcat-only installation; by reading the value of this registry key for TRUE or FALSE.
 
“HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Intrusion Security\Manager\TomcatONLYInstall”   (for 32 OS)
“HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Intrusion Security\Manager\TomcatONLYInstall” (for 64 bit OS)
 
If the value of this registry key is true, then we set INSTALL_DBSCRIPTS 0 for FALSE and 1 for TRUE. In SISManagementInstallWrapper.log file you will find this entry "INSTALL_DBSCRIPTS = " with a value of 0 or 1. This value tells the installer whether or not the DB scripts will be executed during upgrade or fresh install of Management server. A value of “0” indicates do not run and a Value of 1 means run the script.

Resolution

Always check the registry value before upgrading and if it is present and set to TRUE remove the whole registry key or set the value to FALSE.

The full recommended procedure is as follows:

  1. Turn off all Secondary Management Server services (i.e., a “Tomcat only” server) connected to the SDCSS database.
  2. Backup the database.
  3. Perform the following steps on only one of the Secondary Management server that connects to the database.
    1. Convert the Secondary Management Server to a “Primary management server” by performing the following steps:
      1. Backup the following registry entry.
      2. Remove the registry entry shown below:
        1. For 32 bit Windows: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Intrusion Security\Manager\TomcatONLYInstall
        2. For 64 bit Windows: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Intrusion Security\Manager\TomcatONLYInstall
    2. By deleting above registry entry secondary server has become a primary management server.
    3. Start the Management Server services on this server.
    4. Login to the Management Console.
      1. Navigate to the Admin | Settings tab.
      2. Under the Settings tab, select the Server | View Configuration option. Select SCSP tab.
      3. This tab has information on SCSP Server Configuration Settings.
      4. Check ‘Master Alert Server’ configuration property. Its value should be above newly converted primary server.
    5. Logout from management console.
    6. Stop the Management Server services on this server.
  4. Run 6.0 MP1 upgrade on this server. The upgrade will take time depending on database size.
  5. Once upgrade is done, start the Management Server service if not currently running.
  6. Run the Management Console and verify the application is working successfully.

Applies To

Customers with more than one manager or older single manager installs where the customer has upgraded the management server to newer hardware and retired the old manager/hardware.