• Threat Defense for Active Directory (TDAD) Upgrade will hang with no errors. 
• Updater service upgrades, then it doesn’t upgrade any other components. 

TDAD 3.5.1 and below attempting to upgrade to 3.6.2 and above. 

The upgrade to 3.6.2 or later is a significant step from our infrastructure perspective; for example, the internal database is migrating from MongoDB to MySQL/MS-SQL and lite DB databases. The Java core components were also upgraded. These major changes can cause problems in the upgrade process. 

Upgrades from 3.5.1 and below may require a temporary staging step to an intermediate build.

Upgrade steps:

1. Take a snapshot of servers (core/remote DM's), or backup for rollback scenario.
2. Validate current state of tdad, sepm, and general AD infrastructure brief (login to SEP, login to TDAD, validate services are running, document the current version and users in use (the DM service user (at the application pool), and the deceptive account (at the policy))
3. Phase I: 
   
   1. Upgrade current build (3.5.1) to staging Intermediate build (3.6.0.0)    
      • Download "SETDAD_UPDATE_3.6.0.0_SIGNED.zip" from the Download Center to the TDAD server
      • Navigate to the Settings > System Update page in the Threat Defense for AD console.
      • Press Install Update Manually
      • Browse and select the file in the dialog box.
      • Press OK.
   2. testing and health check (Described later)
4. Phase II: 
   1. Upgrade to version 3.6.2.4+
      • Download the most current TDAD version from the Download Center
      • Navigate to the Settings > System Update page in the Threat Defense for AD console.
      • Press Install Update Manually
      • Browse and select the file in the dialog box.
      • Press OK.
5. Phase III:
   1. Health check
      • Simulate alarms for testing
      • verify DB changed to LiteDB - 
      • C:\Program Files\Symantec\Endpoint Threat Defense for AD\DB\ - check the existence of DB's
      • During the upgrade and after - check for errors in the Upgrade log if needed: "C:\Program Files\Symantec\Endpoint Threat Defense for AD\SETDADUpdateSvc\Logs\SETDADUpdateSvc.log."
      • Check all services up and running from the services.msc/sc command (or PowerShell - Get-Service -Name SETDAD*)
      • Verify the Symantec Tomcat service is referring Tomcat 9 (at the service path)
      • Verify the versions are changed

Note: When the upgrade is finished, the AD topology checking and the AI engine procedures are triggered (AI engine rebuilding the deceptive information, in large organizations, can take few hours).