Important Version Specific Notes

• Before upgrading to Server version 8.12.0 it is recommended to upgrade the Rules Installer to version 1.32.
• Before upgrading to version 8.11.0 or higher, prevent accidental lockout by verifying the Server License is not expired in Settings > System Configuration > Licensing.
• The first upgrade to version 8.10.2 or higher may take longer than normal, and is expected.

Required Pre-upgrade Activities

• Verify the Server Upgrade Path is supported
• Verify SQL Server is on the latest Cumulative Update.
• Verify the OER for the version upgrading to: Tech Docs > Server > Server OER
• Verify the Rules Installer is version 1.32
• Download the latest App Control Server installer.
• Take a new, known-good, full backup of the DAS database

Upgrade Steps

1. Log in to the App Control Server as the App Control Service Account.
2. If an Agent is installed on the application server it is recommended to temporarily:
   1. Disable Tamper Protection.
   2. Move the Agent to Local Approval.
   3. For other security software on the system make sure Server Exclusions are in place. 
3. Temporarily stop the services:
   • Carbon Black App Control Reporter
   • Carbon Black App Control Services
4. Make sure any external jobs or tasks that rely on the Server are temporarily disabled during the upgrade, examples may include:
   • SQL backups or external SQL scheduled tasks running against the das database
   • Agent deployments or upgrades via Deployment Tools (MECM, Intune, Jamf, etc)
5. Execute the ParityServerSetup.exe file to initiate the upgrade.
6. After the upgrade completes
   1. Validate the Carbon Black App Control Server and Reporter Services are started.
   2. Log in to the Console and verify Agents are beginning to show as Connected.

Considerations When Using Always On Availability Groups

As a reminder: While the use of a SQL Server Availability Group Listener has been verified as a valid Database Server option, no testing is conducted in-house. Design, implementation and maintenance of a SQL Server Always On Availability Group is outside the scope of Support. The following steps are a best effort.

1. Temporarily disable the sync.
2. Follow the Upgrade Steps above to upgrade the Primary.
3. After successfully upgrading the Primary, take a full database backup from the Primary and restore on the Secondary.
4. Reinstall the App Control Server on the Secondary to match the Primary version.
5. Verify MultiSubnetFailover Configuration.
6. Re-enable the sync.

Note: Upgrading the App Control Server software does not upgrade the Agent or Rules Installers. This is done through a separate process.

• Some upgrades require a reclassification of rules.
  • This takes place automatically after an upgrade, the Console could be down for 5-30 minutes on average while this classification takes place.
• During the Server upgrade:
  • The Console will be unavailable.
  • Agents will continue to enforce based on the Disconnected Enforcement Level specified in the Policy.
  • By default, this is the same as the Connected Enforcement Level.
  • Event information is stored locally in the Agent's cache and reported to the Server once the connection is restored.
• Newer Server versions can communicate with older Agents, and Agents typically don't need to be upgraded at the same time.
• App Control Server Install logs can be found here.
• For more detailed instructions, please refer to Tech Docs > Server > Server Installation Guide
• How to Collect Logs for Server Upgrade Failures