000027046 - Authentication Manager 7.1 SP4 Installation Tips on Windows Environment

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000027046
Applies ToAuthentication Manager 7.1 SP4 on Windows
SP4 Installation
IssueUpgrade Authentication Manager 7.1 to SP4 successfully.

To upgrade the Authentication Manager 7.1 instances to SP4 on windows, follow these steps:

- If there are any replica(s) instances in the realm, verify that replication is healthy.
Logon to the operations console of the Primary and click on "Replication Status Report" on the Home Page. The results read anything but "Complete" both ways, do not proceed and contact RSA Customer support.

- Verify that NTFS name convention is not Disabled on the server. To do so, do the following:

Open the System registry.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem
Make sure that "NtfsDisable8dot3NameCreation" is set to "0". If this set to "1", change it to "0" and reboot the server. Once the server reboots, navigate back to this registry Key and make sure its still set to "0"

- Place the SP4 installation files in a folder from the root of the drive  (i.e. C:\RSA_SP4Install. Avoid having a long path)
- Disable all third party applications on the server. (Virus Scan, Network Monitoring Software, etc.)
- Put the following windows services on MANUAL:

Microsoft Distributed Transaction Coordinator
Microsoft Distributed Transaction Client
Microsoft COM+ Event System
Any anti-virus software and services
SNMP and related services
MTSrecovery services
BackupExec or other backup software agent services
IBM Director Support services
CA BrightStor Universal Agent services
VMware Tools and services
Windows Management instrumentation

- Delete all .SQL files from C:\windows\temp directory  (If any)
- Set all RSA services to Manual (accept for the disabled one(s) and reboot the server.
- Rename the file <rsa_home>/db/bin/oraevrus10.dll to be <am_home>/db/bin/oraevrus10.dll.rsa
- Set the RSA services back to Automatic.
- Start ONLY the RSA Authentication Manager Database Listener & Database Server  and instance services.
- Rename the file <rsa_home>/db/bin/oragenaric10.dll to be <am_home>/db/bin/orageneric10.dll.rsa
- Install SP4 (Don't check the option to start the services once the installation is complete. Start the services manually once SP4 installation is complete in the order below)
   RSA DB Listener
   RSA DB Server
   RSA DB Instance
   RSA Node Manager
   RSA Administration Server
   RSA Authentication Manager  (This service might time out, click Ok and refresh until the service is at a "Started" state)
   RSA Operations Console
   RSA Radius Operations Console
   RSA Radius Server
- Repeat the steps above on the Replica instance(s) if any.


 VMware Support

RSA Authentication Manager 7.1 Service Pack 4 (SP4) is supported for VMware ESX 4.0 and 3.5.


The following VMware ESX 4.0 features are supported:


- Cloning

- Physical to virtual conversion

- Virtual to physical conversion


When using physical to virtual conversion or virtual to physical conversion, the hardware/memory configuration (fingerprint) may change causing the RSA Authentication Manager 7.1 server services to fail starting automatically. To resolve this issue, the fingerprint must be reset using the "rsautil manage-secrets reset" command.

The VMWare host systems, VMWare guest systems, and any physical servers must be configured to use a known-good NTP Server on all systems, before doing the upgrade. If these have not been configured, and configuring NTP would change the time on any of them significantly, contact RSA first.


The following VMware ESX 4.0 features and tools are not supported:


- Snapshots

- VMotion

- Distributed Resource Scheduler (DRS)

- High Availability (HA)

- VMware Consolidated Backup (VCB)

- Legato Filesystem Sync Driver

- Legato Virtual Machine Memory Driver (Balloon driver)



RSA recommends that customers use the features built in to RSA Authentication Manager 7.1 for these types of services.


VMWare Memory Settings

In order for the embedded Oracle database in RSA Authentication Manager to work properly, the following memory settings are required for VMWare.


- Allocated memory should be set to 4G for a 32-bit OS and 8G for a 64-bit OS.

- Reserved memory should be set to 4G for a 32-bit OS and 8G for a 64-bit OS.

- Allocated memory and reserved memory should be set to the same value.

If these specifications are not followed, database errors may cause failures.


TAKE A BACKUP of the Primary  Prior to Applying SP4. Use the Authentication Manager 7.1 Backup utility to make a backup of your deployment (Operations Console/Maintenance/Backups)
Authentication Manager 7.1 Has to be patched at least to SP2 prior to upgrading to SP4. (i.e. You can upgrade an Authentication Manager 7.1SP2 instance directly to SP4. SP3 is not a pre-requisite). Once upgraded to SP4, the latest Authentication Manager Patch can be applied on top.
Follow the steps above along with the Authentication Manager 7.1 SP4 readme.
 If SP4 upgrade has failed on an instance, please contact customer support prior to attempting another install of SP4.
Also see primus solution a53490
Legacy Article IDa56533