ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Data Center Security Server (DCS) Upgrade Plan: Know before you upgrade

book

Article ID: 213959

calendar_today

Updated On:

Products

Data Center Security Server Data Center Security Server Advanced Data Center Security Monitoring Edition

Issue/Introduction

If you plan to upgrade your DCS Manager you should follow this article to ensure a seamless upgrade.

Environment

Data Center Security (DCS)

Resolution

-Make a backup of the database. (Possibly shrink, follow up with DBA)

https://docs.microsoft.com/en-us/sql/relational-databases/backup-restore/create-a-full-database-backup-sql-server?view=sql-server-ver15

-Snapshot or backup of the DCS manager.

https://knowledge.broadcom.com/external/article?legacyId=TECH218063

-Backup all the .ssl files and certs in the DCS directories. (install directory/server)

      --cacerts file location (install directory/server/jre/lib/security/cacerts)

-Backup of the server.xml and the quartz.properties files (install directory/server/tomcat/conf)

-Ensure you have adequate space on the manager and DB.
https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/data-center-security-(dcs)/6-9/get-started-v127593720-d3608e140226/system-requirements-v127649042-d3608e140555.html 

-Stop all maintenance tasks on the DB (nothing should be running, Splunk connectors, etc.)

-Verify your users are present/enabled in the database and have the correct permissions and you have the passwords that you installed with. (It's common for DBAs to disable accounts like SA and the umcadmin account)

-Stop DCS services on ALL managers.

-Stop AV and disable UAC and SmartScreen (SEP tamper protection in particular, if applicable)

-Ensure no GPO is set to re-enable the services.

-If there's an agent on the managers, set the prevention policy to null.

-Verify registry key on the primary server. TomcatOnlyInstall on primary server should not exist or should be set to FALSE.
https://knowledge.broadcom.com/external/article?articleId=161229

-Ensure scsp_ops and umcadmin passwords are 17 or more characters in length, the upgrade will fail on the UMC database if the password is under 17 characters

-Upgrade primary (run server.exe as ADMIN)

-Upgrade secondary (run server.exe as ADMIN)

Additional Information

-If you have windows agents lower than 6.7.3.1474, you will need to apply the liveupdate fix after your upgrade is complete. (Partner with support for the workaround)

-Sometimes the Java console fails to upgrade with 6.9.0 due to lack of permissions to a directory that houses legacy console files.
https://knowledge.broadcom.com/external/article?articleId=206509

-You will see an automatic upgrade option in the UMC for the Linux agents in 6.9. This feature will not work to upgrade any agents lower than 6.9.0 and there will not be a new agent released that works for the auto upgrade until 6.9.1. Please don't use that feature quite yet.