Migrating an ITMS 8.1 RU7 environment to ITMS 8.5 RU4 that runs on a new hardware, new SQL Server, and new Windows Server involves the following:

• Step 1. Installing and configuring the new ITMS server
• Step 2. Moving physical software update packages to the new ITMS server
• Step 3. Moving physical software delivery packages to the new ITMS server
• Step 4. Moving physical Win ADK installation files and other files to the new ITMS server
• Step 5. Redirecting the CEM clients to the new ITMS server
• Step 6. Redirecting the site servers to the new ITMS server
• Step 7. Checking the communication between the client computers and the new ITMS server
• Step 8. Upgrading the agents and plug-ins
  
  

STEP 1. Install and configure the new ITMS server

1. On the current SQL Server, create a backup of ITMS 8.1 RU7 Symantec_CMDB
2. On ITMS 8.1 RU7 server (SIM version 8.5.5712), in Symantec Installation Manager (SIM), on the Installed Products page, click Repair installed products.
   
   
3. On the Repair page, click Back up or restore Notification Server configuration, and then click Next.
4. On the Back up or Restore Notification Server KMS Encryption Keys page, specify Location and Password for KMS keys, and then click Back Up.
   
   KMS encryption keys will be backed up in a Package_%.zip file.
5. Copy the backup of the ITMS 8.1 RU7 Symantec_CMDB database to the new SQL Server.
   
   Open SQL Management Studio for the required new SQL Server instance name and restore the ITMS 8.1 RU7 database backup.
   NOTE
   Make sure that the new SQL Server instance has the same SQL Collation as on the old SQL Server instance where ITMS 8.1 RU7 Symantec_CMDB database backup was taken from.
   Right-click the SQL Server instance and make sure that the SQL Collation is the same between the old and the new SQL Server instance.
   
6. Download and install SIM, the latest version, on the new Windows Server with a new host name.
   Download the Symantec Installation Manager
7. In SIM, check Show all available versions and select the required suite 8.5 for installation
   NOTE
   You must select 8.5 without a RUx version because direct upgrade from 8.1 RU7 to 8.5 RU1, RU2, RU3 or RU4 is not supported. Before you can update from 8.5 to any of the released 8.5 RUx versions, you must upgrade database from 8.1 RU7 to 8.5.)
   About supported upgrade paths of ITMS
   
8. (Optional) On the Optional Installations page, check Install Documentation, Install Language Packs, and Install Migration Wizard, and then click Next.
9. On the Install Location page, specify the location of ITMS installation on the new Windows Server, and then click Next.
   NOTE
   If you install the new ITMS version using existing/restored Symantec_CMDB database, use the same installation location as on the old ITMS server to avoid problems with incorrect path of package source(s), etc.
10. On the Install Readiness Check page, apply any detected prerequisites.
    You can ignore Java and Silverlight requirements, because in 8.5 RU4 they are no longer required.
    To bypass the Java and Silverlight requirements, enable the Next button to start the ITMS installation:
    https://knowledge.broadcom.com/external/article/156257/enable-the-next-button-for-the-install-r.html
    
11. On the Notification Server Configuration page, specify the following:
    • NS App Identity account name (you can use the same as in previous 8.1 RU7 ITMS or you can use a new one)
    • IIS ports
    • Select or import existing certificate or allow SIM to generate a self-signed certificate.
    • Check Require HTTPS to access the Management Platform (only if you want to use HTTPS or CEM)
    
12. On Database Configuration page, specify the following:
    • New SQL Server instance where you have restored ITMS 8.1 RU7 Symantec_CMDB
      If Browse does not show the required SQL Server instance name, type it manually.
    • Credentials that have access to this new SQL Server instance.
    • Choose Use existing and make sure that the correct ITMS 8.1 RU7 Symantec_CMDB database is selected.
    
13. On the Restore Notification Server Cryptographic Keys page, select the Package_%.zip file that you created in SIM on the old ITMS 8.1 RU7 server (steps 2-4), and then click Next.
    
    

    NOTE
    If you don’t have the KMS .zip package from the old ITMS server (and it is impossible to get KMS data), the settings, policies, client tasks, stand-alone replication rules, where custom passwords were used will not work until you will manually re-enter and save them on the new ITMS server.
    In case of a domain user usage with password in settings policies, tasks, stand-alone replication rules, etc. this can cause domain account lockout.

14. On the Review Installation Details page, review all settings, and then click Begin install to start the installation.
    
15. After the ITMS 8.1 RU7 database is upgraded to ITMS 8.5, you can perform upgrade from 8.5 to 8.5 RU4.
    In SIM, click Upgrade installed products and start installation of 8.5 RU4.
    
    NOTE
    There is no need to upgrade the Symantec Management Agent on the client computers after upgrading to 8.5. Start upgrading the agents after upgrading to 8.5 RU4.
    For more information, see "Backward Compatibility for SMA and plug-ins".
16. (Optional) After installing ITMS 8.5 RU4, perform the following tasks:
    • Back up KMS data in SIM
      Backing Up and Restoring Notification Server KMS Encryption Keys
    • Apply ITMS 8.5 POST RU4 point fixes
      https://knowledge.broadcom.com/external/article/198337/

 STEP 2. Move physical Patch Management Solution software update packages to the new ITMS server using Migration Wizard

1. On the old ITMS server, go to %NS INSTALLATION DIR%\Altiris\Upgrade and open NSUpgradeWizard.exe
2. In the Migration Wizard, select Export data from a Symantec Notification Server to a file store, specify the Data store location and file name, and then click Next.
   (Specify a name that makes it easy to find the *.adb file later.)
   
   
   
3. Check Patch Management Solution to gather all available physical software update packages.
   (Uncheck other checkboxes.)
   
4. Make sure that data will be exported from the correct SQL Server and Symantec_CMDB database, and then click Next.
   
5. After exporting the physical software update packages, check the number of exported files. (Pay attention to the free disk space because there can be GBs of data.)
   
6. Move PackageFiles folder and *.adb file from the old ITMS server to the new ITMS server.
   
7. On the new ITMS server, go to %NS INSTALLATION DIR%\Altiris\Upgrade and open NSUpgradeWizard.exe
8. In the Migration Wizard, select Import data from a file store into a Symantec Notification Server, specify the exported *.adb file, and then click Next.
9. Enter the password that you created previously.
10. Make sure that only Patch Management Solution is checked, and then start data import.
    

STEP 3. Move physical Software Management Solution software packages to the new ITMS server using Migration Wizard

1. On the old ITMS server, go to %NS INSTALLATION DIR%\Altiris\Upgrade and open NSUpgradeWizard.exe
2. In the Migration Wizard, select Export data from a Symantec Notification Server to a file store, specify the Data store location and file name, and then click Next.
   (Specify a name that makes it easy to find the *.adb file later.)
3. Check Software Management, uncheck all other items, and then start export.
   
4. Move PackageFiles folder and *.adb file from the old ITMS server to the new ITMS server.
   
5. On the new ITMS server, go to %NS INSTALLATION DIR%\Altiris\Upgrade and open NSUpgradeWizard.exe
6. In the Migration Wizard, select Import data from a file store into a Symantec Notification Server, specify the exported *.adb file, and then click Next.
7. Make sure that only Software Management is checked, and then start data import.
   
   NOTE
   Migration Wizard exports/imports only Software Management Solution physical packages that are located on ITMS server. It does not export/import software packages with the UNC, HTTP, or Software Library source.
   Example of a Software package with Source Location "Local" that can be exported/imported using the Migration Wizard.
   

STEP 4. Move physical Deployment Solution Win ADK installation files and other files to the new ITMS server

1. On the new ITMS server, install Windows ADK, configure it, and create a new WinPE following the steps in the KB article: Installing WinPE10 ADK for use in Deployment Solution 8.x
   
2. If you had Copy File, Install OS, Deploy Image, Capture Personality tasks on the old ITMS server and now these tasks are available on the new ITMS server, you must manually copy/paste all related physical files from the old ITMS server to the new ITMS server.
   For Copy File tasks content, copy all folders from \\localhost\NSCap\bin\Deployment\Packages\CopyFile\ on the old ITMS server and upload them to the same location on the new ITMS server.
   
3. For OS Files and SOI tasks, copy all folders from \\localhost\NSCap\bin\Deployment\Packages\SOI on the old ITMS server and upload them to the same location on the new ITMS server.
   
   After uploading the copied folders to \\localhost\NSCap\bin\Deployment\Packages\SOI on the new ITMS Server, each folder will contain an old version of the Symantec Management Agent installation package.
   To trigger the regeneration of the Symantec Management Agent installation package and replace the AeXNSC.exe file with the most recent version, do the following:
   1. On the Agent Install page, click Default Settings.
      In the Symantec Management Agent Settings dialog box, uncheck or check any of the checkboxes indicated on the image below, and then click OK.
      (After regenerating the installation package, you can go back to Default Settings page and restore the required settings.)
      
   2. When the Symantec Management agent installation package generation starts, you will see a message about SOI packages update in Log Viewer.
      
   3. After the package regeneration, each SOI folder contains the latest exe installation file and the Install Windows OS task will install the latest version of Symantec Management Agent on the clients (together with the operating system).
      
4. For Images, copy the content of \\localhost\NSCap\bin\Deployment\Packages\Images folder on the old ITMS server and upload it to the same location on the new ITMS server. Also refer to "How to re-import Image files after migrating to a new SMP Server"
5. For PCTPackages, copy the content of \\localhost\NSCap\bin\Deployment\Packages\PCTPackages folder on the old ITMS server and upload it to the same location on the new ITMS server.
6. For DeployAnywhere Drivers, copy required drivers from \\localhost\NSCap\bin\Deployment\DriversDB\ on the old ITMS and upload them to the same location on the new ITMS.
   Also refer to About location of Deployment Solution packages for more file locations to consider to copy its contents.
   
   
7. For Winpe Preboot Drivers, copy the CUSTOM folder from C:\Program Files\Altiris\Deployment\BDC\bootwiz\Platforms\WinPE\x64\Drivers on the old ITMS and upload them to the same location on the new ITMS.

STEP 5. Redirect the CEM clients to the new ITMS server

1. On the new ITMS server, in the Symantec Management Console, go to Settings > Notification Server > Cloud-enabled Management >Setup > Cloud-enabled Management Agent IIS Website Settings and create a Symantec Agent CEM Website with the following settings:
   
2. After creating the CEM Website on the new ITMS server, add the new ITMS server to the old Internet gateway (Internet gateway version can be 8.1 RU7 or 8.5) that serves the CEM clients of the old ITMS server.
   
3. On the new ITMS server, enable Cloud-enabled Management Settings policy.
   Add the old CEM Gateway(s) and apply the policy to client computers. (Do not include the Site Server computers.)
   
4. On the new ITMS server, go to Settings > Agents/Plug-ins > Symantec Management Agent > Symantec Management Agent Communication profiles, and do the following:
   1. Open the NS communication profile and make sure that the required SSL settings, TLS versions, certificates, required hostname, FQDN with correct ports are specified for HTTP/HTTPs, and then save changes.
   2. Right-click this profile, and click Export.
   3. In the Export SMP Server Communication Profile dialog box, select Export profile using legacy encryption format if FIPS is not enabled on your ITMS server and select Using FIPS Compliant format if FIPS is enabled.
   4. Specify password.
      You need this password during the import of this profile to your old ITMS server.
   5. Make sure that you choose correct Cloud-enabled Management Settings policy for Use gateway information from policy.
      CEM clients will then use correct Internet gateway to establish connection to the new ITMS server when they are redirected from the old ITMS server.
   6. Specify an appropriate expiration date for Temporary certificates for CEM Agents will expiry
      Sometimes 1 week may not be enough to move all CEM clients to a new ITMS server.
      
   7. Download the exported NS Communication profile .xml file and upload it to the old ITMS server.
   8. On the old ITMS server, in the Symantec Management Console, go to Settings > Agents/Plug-ins > Symantec Management Agent, right-click Symantec Management Agent Communication profiles folder, click Import profile, browse the .xml file, enter password, and then click OK.
      
   9. On the old ITMS server, in the Symantec Management Console, click the imported ITMS communication profile and check that the imported profile from the new ITMS server has correct settings including CEM temporary certificate expiration date/time.
      
   10. To redirect the intranet and CEM clients from the old ITMS server to the new ITMS server, create a Targeted Agent Settings policy that is only applied to the required client computers and on the Advanced tab of this policy, check Specify an alternate URL for the Symantec Management Agent to use to access the NS, choose the communication profile that you imported from the new ITMS server, check Allow Symantec Management Agents to perform Cloud-enabled registration on specified Notification Server, save the changes, and then refresh the policies on the client computers.
       

STEP 6. Redirect the site servers to the new ITMS server

1. Create a Targeted Agent Settings policy and apply it to required Site Servers.
   
   NOTE
   For Site Servers redirection, do not check Allow Symantec Management Agents to perform Cloud-enabled registration on specified Notification Server, because Site Servers should not have CEM Settings policy applied, select the new ITMS NS Communication profile, save the changes, and then refresh policies on Site Servers.
   If you apply CEM settings policy to an existing or a future Site Server, you cannot add Task service, monitor service, or NBS service to this Site Server. You will only be able to add Package service.
   
   
   NOTE
   Verify that the Master Certificate under the Global Site Server settings has changed to the certificate for the new host (in cases when you use a pre-existing database).
2. Restore Task Server and Package Server site servers that are redirected to the new ITMS server.
   On the new ITMS server, open Windows Task Scheduler and execute the following tasks:
   • Package Server Status Event Capture Item.{f85fe5d9-005a-40ac-b213-944b496405fe}
   • Restore Task Servers.{c15c41cf-396f-401d-ab35-580c0ba950a3}
   

STEP 7. Check the communication status between the client computers and the new ITMS server

1. On the new ITMS server, in the Symantec Management Console, go to Reports > Notification Server Management > Agent, and open the Agent Connection Status
   Sort the report by Reported column or use the Group By option.
   
2. Open the Computer last information update time report, and sort it by Date Modified.
   
3. Agent Health summary report in ITMS Management views page (at Manage > Computers > All Computers) shows the common status of Notification Server clients.
   

Step 8. Upgrade Symantec Management Agent, site server plug-ins, solution plug-ins

In the Symantec Management Console, go to Reports > Notification Server Management > Agent, and open the ITMS Plug-ins status report to identify the required upgrade policies. You can select multiple policies and enable them at once.