The following article provides guidelines for migrating a stand-alone ITMS 8.5 or 8.6 instance to ITMS 8.7 using new hardware and a new host name for the Notification Server.
These steps should provide the general idea of what to consider if you were to migrate from an ITMS 8.7.x server to a new ITMS 8.7.x server.
The descriptions of the old environment and the new environment are as follows:
NOTE: For latest software and Operating systems supported, please visit the online Platform and OS Support Matrix.
Old environment | New environment |
|
|
An Operating System upgrade is needed on the SMP or new hardware is available
Migrating an ITMS 8.5 environment to ITMS 8.7 that runs on new hardware, a new SQL Server, and a new Windows Server involves the following:
Step 1. Installing and configuring the new ITMS server
Step 2. Moving physical software update packages to the new ITMS server
Step 3. Moving physical software delivery packages to the new ITMS server
Step 4. Moving physical Win ADK installation files and other files to the new ITMS server
Step 5. Redirecting the CEM clients to the new ITMS server
Step 6. Redirecting the site servers to the new ITMS server
Step 7. Checking the communication between the client computers and the new ITMS server
Step 8. Upgrading the agents and plug-ins
1. On the current SQL Server, create a backup of ITMS 8.5 RU4 Symantec_CMDB
2. On ITMS 8.5 RU4 server, in Symantec Installation Manager (SIM), on the Installed Products page, click Repair installed products.
3. On the Repair page, click Back up or restore Notification Server configuration, and then click Next.
4. On the Backup or Restore Notification Server KMS Encryption Keys page, specify the Location and Password for KMS keys, and then click Back Up.
KMS encryption keys will be backed up in a Package_%.zip file.
5. Copy the backup of the ITMS 8.5 RU4 Symantec_CMDB database to the new SQL Server.
Open SQL Management Studio for the required new SQL Server instance name and restore the ITMS 8.5 RU4 database backup. The Symantec_CMDB database backup can be restored/named to something different (like Symantec_CMDB_2 for example) if you want and still the KMS Encryption keys previously backed up will work.
NOTE
Make sure that the new SQL Server instance has the same SQL Collation as on the old SQL Server instance where ITMS 8.5 RU4 Symantec_CMDB database backup was taken from. Right-click the SQL Server instance and make sure that the SQL Collation is the same between the old and the new SQL Server instance.
6. Download and install SIM, the latest version, on the new Windows Server with a new hostname.
Download the Symantec Installation Manager
7. In SIM, check Show all available versions and select the desired 8.7.x for installation. Make sure you still have valid licenses
NOTE It is recommended that you select the highest version possible so that there is only one upgrade to perform. You can upgrade from 8.5 RU4 directly to 8.7.2 for example.
Upgrade to IT Management Suite 8.7
The following on-box and off-box upgrade scenarios are supported:
From IT Management Suite 8.5 RU4 to IT Management Suite 8.7.x
From IT Management Suite 8.6 to IT Management Suite 8.7.x
From IT Management Suite 8.6 RU1 to IT Management Suite 8.7.x
From IT Management Suite 8.6 RU2 to IT Management Suite 8.7.x
About Upgrade Paths of IT Management Suite
8. (Optional) On the Optional Installations page, check Install Language Packs, and Install Migration Wizard, and then click Next.
9. On the Install Location page, specify the location of the ITMS installation on the new Windows Server and then click Next.
NOTE
If you install the new ITMS version using the existing/restored Symantec_CMDB database, use the same installation location as on the old ITMS server to avoid problems with the incorrect path of package source(s), etc.
10. On the Install Readiness Check page, apply any detected prerequisites.
NOTE
8.7.1 requires .NET 4.8 to be installed on the SMP AND Site Servers.
11. On the Notification Server Configuration page, specify the following:
ºNS App Identity account name (you can use the same as in the previous 8.5 RU4 ITMS or you can use a new one)
ºIIS ports
ºSelect or import existing certificate or allow SIM to generate a self-signed certificate.
ºCheck Require HTTPS to access the Management Platform (only if you want to use HTTPS or CEM)
12. On the Database Configuration page, specify the following:
New SQL Server instance where you have restored ITMS 8.5 RU4 Symantec_CMDB
If Browse does not show the required SQL Server instance name, type it manually.
Credentials that have access to this new SQL Server instance.
Choose Use existing and make sure that the correct ITMS 8.5 RU4 Symantec_CMDB database is selected.
13. On the Restore Notification Server Cryptographic Keys page, select the Package_%.zip file that you created in SIM on the old ITMS 8.1 RU7 server (steps 2-4), and then click Next.
NOTE
If you don’t have the KMS .zip package from the old ITMS server (and it is impossible to get KMS data), the settings, policies, client tasks, and stand-alone replication rules, where custom passwords were used will not work until you will manually re-enter and save them on the new ITMS server.
In case of a domain user usage with a password in settings policies, tasks, stand-alone replication rules, etc. this can cause domain account lockout.
14. On the Review Installation Details page, review all settings and then click Begin install to start the installation.
15. In SIM, click Upgrade installed products and start the installation of 8.7.x if you didn't upgrade from 8.5 RU4 to 8.7.x directly. Remember, you can upgrade from 8.5 RU4 to 8.7.x directly.
NOTE
There is no need to upgrade the Symantec Management Agent on the client computers after upgrading to 8.7. Start upgrading the agents after upgrading to 8.7.x. For more information, see "Backward Compatibility for SMA and plug-ins".
16. (Optional) After installing ITMS 8.7.x, perform the following tasks:
ºBack up KMS data in SIM
Backing Up and Restoring Notification Server KMS Encryption Keys
Apply ITMS 8.7.x point fixes KB 366939
1. On the old ITMS server, go to %NS INSTALLATION DIR%\Altiris\Upgrade and open NSUpgradeWizard.exe
2. In the Migration Wizard, select Export data from a Symantec Notification Server to a file store, specify the Datastore location and file name and then click Next.
(Specify a name that makes it easy to find the *.adb file later.)
3. Check Patch Management Solution to gather all available physical software update packages.
(Uncheck other checkboxes.)
4. Make sure that data will be exported from the correct SQL Server and Symantec_CMDB database, and then click Next.
5. After exporting the physical software update packages, check the number of exported files. (Pay attention to the free disk space because there can be GBs of data.)
6. Move the PackageFiles folder and *.adb file from the old ITMS server to the new ITMS server.
7. On the new ITMS server, go to %NS INSTALLATION DIR%\Altiris\Upgrade and open NSUpgradeWizard.exe
8. In the Migration Wizard, select Import data from a file store into a Symantec Notification Server, specify the exported *.adb file and then click Next.
9. Enter the password that you created previously.
10. Make sure that only Patch Management Solution is checked, and then start data import.
1. On the old ITMS server, go to %NS INSTALLATION DIR%\Altiris\Upgrade and open NSUpgradeWizard.exe
2. In the Migration Wizard, select Export data from a Symantec Notification Server to a file store, specify the Datastore location and file name and then click Next.
(Specify a name that makes it easy to find the *.adb file later.)
3 Check Software Management, uncheck all other items, and then start the export.
4. Move the PackageFiles folder and *.adb file from the old ITMS server to the new ITMS server.
5. On the new ITMS server, go to %NS INSTALLATION DIR%\Altiris\Upgrade and open NSUpgradeWizard.exe
6. In the Migration Wizard, select Import data from a file store into a Symantec Notification Server, specify the exported *.adb file, and then click Next.
7. Make sure that only Software Management is checked, and then start data import.
NOTE
Migration Wizard exports/imports only Software Management Solution physical packages that are located on the ITMS server. It does not export/import software packages with the UNC, HTTP, or Software Library source.
Example of a Software package with Source Location "Local" that can be exported/imported using the Migration Wizard.
1. On the new ITMS server, install Windows ADK, configure it, and create a new WinPE following the steps in the KB article: Installing WinPE10 ADK for use in Deployment Solution 8.x OR Installing WinPE11 ADK for use in Deployment Solution 8.x
NOTE:
Agent Communication profile in Preboot Configurations page might need to be updated (and then Preboots would need to be rebuilt) after the migration if it points to the old SMP Server. Use the new Agent Communication Profile for this new SMP server.
2. If you had Copy File, Install OS, Deploy Image, and Capture Personality tasks on the old ITMS server and now these tasks are available on the new ITMS server, you must manually copy/paste all related physical files from the old ITMS server to the new ITMS server.
For Copy File tasks content, copy all folders from \\localhost\NSCap\bin\Deployment\Packages\CopyFile\ on the old ITMS server and upload them to the same location on the new ITMS server.
3. For OS Files and SOI tasks, copy all folders from \\localhost\NSCap\bin\Deployment\Packages\SOI on the old ITMS server and upload them to the same location on the new ITMS server.
After uploading the copied folders to \\localhost\NSCap\bin\Deployment\Packages\SOI on the new ITMS Server, each folder will contain an old version of the Symantec Management Agent installation package.
To trigger the regeneration of the Symantec Management Agent installation package and replace the AeXNSC.exe file with the most recent version, do the following:
a. On the Agent Install page, click Default Settings.
In the Symantec Management Agent Settings dialog box, uncheck or check any of the checkboxes indicated on the image below, and then click OK.
(After regenerating the installation package, you can go back to the Default Settings page and restore the required settings.)
b. When the Symantec Management agent installation package generation starts, you will see a message about SOI packages update in Log Viewer.
c. After the package regeneration, each SOI folder contains the latest exe installation file, and the Install Windows OS task will install the latest version of Symantec Management Agent on the clients (together with the operating system).
4. For Images, copy the content of \\localhost\NSCap\bin\Deployment\Packages\Images folder on the old ITMS server and upload it to the same location on the new ITMS server. Also, refer to "How to re-import Image files after migrating to a new SMP Server"
5. For PCTPackages, copy the content of \\localhost\NSCap\bin\Deployment\Packages\PCTPackages folder on the old ITMS server and upload it to the same location on the new ITMS server.
6. For Drivers, copy required drivers from \\localhost\NSCap\bin\Deployment\DriversDB\ on the old ITMS and upload them to the same location on the new ITMS.
Also, refer to About location of Deployment Solution packages for more file locations to consider copying its contents.
1. On the new ITMS server, in the Symantec Management Console, go to Settings > Notification Server > Cloud-enabled Management >Setup > Cloud-enabled Management Agent IIS Website Settings and create a Symantec Agent CEM Website with the following settings:
2. After creating the CEM Website on the new ITMS server, add the new ITMS server to the old Internet gateway (the Internet gateway version can be 8.1 RU7 or 8.5) that serves the CEM clients of the old ITMS server.
3. On the new ITMS server, enable the Cloud-enabled Management Settings policy.
Add the old CEM Gateway(s) and apply the policy to client computers. (Do not include the Site Server computers.)
4. On the new ITMS server, go to Settings > Agents/Plug-ins > Symantec Management Agent > Symantec Management Agent Communication profiles, and do the following:
a. Open the NS communication profile and make sure that the required SSL settings, TLS versions, certificates, required hostname, and FQDN with correct ports are specified for HTTP/HTTPS, and then save changes.
b. Right-click this profile, and click Export.
c. In the Export SMP Server Communication Profile dialog box, select Export profile using legacy encryption format if FIPS is not enabled on your ITMS server and select Using FIPS Compliant format if FIPS is enabled.
d. Specify password.
You need this password during the import of this profile to your old ITMS server.
e. Make sure that you choose the correct Cloud-enabled Management Settings policy for Use gateway information from the policy.
CEM clients will then use the correct Internet gateway to establish the connection to the new ITMS server when they are redirected from the old ITMS server.
f. Specify an appropriate expiration date for Temporary certificates for CEM Agents that will expiry
Sometimes 1 week may not be enough to move all CEM clients to a new ITMS server.
g. Download the exported NS Communication profile .xml file and upload it to the old ITMS server.
h. On the old ITMS server, in the Symantec Management Console, go to Settings > Agents/Plug-ins > Symantec Management Agent, right-click Symantec Management Agent Communication profiles folder, click Import profile, browse the .xml file, enter the password, and then click OK.
i. On the old ITMS server, in the Symantec Management Console, click the imported ITMS communication profile and check that the imported profile from the new ITMS server has the correct settings including CEM temporary certificate expiration date/time.
NOTE
Following the steps above to this point will not affect communication between the CEM clients and the old ITMS server and Internet Site Server(s). Performing the next step (j) will redirect the CEM clients to the new ITMS server and Internet Site Server(s).
j. To redirect the intranet and CEM clients from the old ITMS server to the new ITMS server, create a Targeted Agent Settings policy that is only applied to the required client computers, and on the Advanced tab of this policy, check Specify an alternate URL for the Symantec Management Agent to use to access the NS, choose the communication profile that you imported from the new ITMS server, check Allow Symantec Management Agents to perform Cloud-enabled registration on specified Notification Server, save the changes, and then refresh the policies on the client computers.
1. Create a Targeted Agent Settings policy and apply it to required Site Servers.
NOTE
For Site Servers redirection, do not check Allow Symantec Management Agents to perform Cloud-enabled registration on specified Notification Server, because Site Servers should not have CEM Settings policy applied, select the new ITMS NS Communication profile, save the changes, and then refresh policies on Site Servers.
If you apply CEM settings policy to an existing or a future Site Server, you cannot add Task service, monitor service, or NBS service to this Site Server. You will only be able to add Package service.
NOTE
Verify that the Master Certificate under the Global Site Server settings has changed to the certificate for the new host (in cases when you use a pre-existing database).
2. Restore Task Server and Package Server site servers that are redirected to the new ITMS server.
On the new ITMS server, open Windows Task Scheduler and execute the following tasks:
ºPackage Server Status Event Capture Item.{f85fe5d9-005a-40ac-b213-944b496405fe}
ºRestore Task Servers.{c15c41cf-396f-401d-ab35-580c0ba950a3}
1. On the new ITMS server, in the Symantec Management Console, go to Reports > Notification Server Management > Agent, and open the Agent Connection Status
Sort the report by Reported column or use the Group By option.
2. Open the Computer last information update time report, and sort it by Date Modified.
3. Agent Health summary report in ITMS Management views page (at Manage > Computers > All Computers) shows the common status of Notification Server clients.
1. In the Symantec Management Console, go to Reports > Notification Server Management > Agent, and open the ITMS Plug-ins status report to identify the required upgrade policies. You can select multiple policies and enable them at once. KB 251779 "How to display all the Agent plug-in policies in one single place"
KB 204145 "Migrating a stand-alone ITMS 8.1 RU7 or newer instance to the latest ITMS Version using new hardware and a new host name for Notification Server"