000029877 - How to install patches on an RSA Authentication Manager 8.1 via web browser

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 5Show Document
  • View in full screen mode

Article Content

Article Number000029877
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1
IssueThis article provides step-by-step process to install a patch in Authentication Manager 8.1 via a web browser. For this article, we will be installing the Authentication Manager 8.1 SP1 upgrade patch on a server running Authentication Manager 8.1 patch 5. Once the patch is installed, the system configuration will show that it is running Authentication Manager 8.1 SP1. 


  • If the authentication server is currently running Authentication Manager 8.0, either with a base installation without additional patches or Authentication Manager 8.0 with patches, you will need to install the Authentication Manager 8.1 upgrade patch prior to installing Authentication Manager 8.1 SP1 and any subsequent patches. 
  • If the authentication server is currently running Authentication Manager 8.1, either with a base installation or Authentication Manager 8.1 with patches prior to SP1, install the Authentication Manager 8.1 SP1 upgrade patch prior to installing the latest patch for 8.1 SP1.
  • If the authentication server is currently running Authentication Manager 8.1 SP1 or Authentication Manager 8.1 SP1 with subsequent patches, you can install the latest Authentication Manager 8.1 SP1 patch directly.  The latest patch will always be a cumulative unless specified so there is no need to install previous monthly patches.
  • Always patch the primary server first before applying the patch to the replica instances.  Failure to do so can corrupt the replication process requiring that all replicas be rebuilt and reattached to the primary.
  • Do not install the patch on multiple servers at the same time.
  • Minimum free disk space required: 4 GB.
  • Ensure that port 8443/TCP is open for HTTPS traffic.
  • Access to port 8443 TCP is required for real-time status messages when applying Authentication Manager service packs and patches.  During a product update, the appliance opens this port in its internal firewall. The appliance closes this port when the update is complete.  If an external firewall blocks this port, the browser displays an inaccessible or blank web page, but the update can successfully complete.
ResolutionIt is recommended to take a backup of the database prior to installing any patches.  This can be done from the Operations Console (Maintenance > Backup and Restore > Backup Now).
Next, download the Authentication Manager 8.1 SP1 upgrade patch from RSA Link. If you have trouble logging in, contact RSA Customer Support for assistance.  Once the patch is downloaded, follow the steps below:
  1. Log in to the primary's Operations Console.  
Operations Console login

  1. Click on Maintenance > Update & Rollback. Under Version, the patch level of the server is displayed.
 Current Installed Version

  1. Click on Configure Update Source. Select Use your web browser to upload an update and click Save. Optionally, you can choose NFS, Windows Share or CD/DVD as an update source, but this article will only cover using a web browser as the update source. Note that if you have a slow network connection to the Authentication Manager server, the other update sources may be better options.
Configure Update

  1. Click Upload & Apply Update. A window will pop up. Click on Choose File in next window.
Upload and Apply Update

  1. Browse to the patch file .iso downloaded earlier. If you downloaded a .zip file, unzip the file and upload the .iso file.
Browse to iso

  1. Click Upload.
Upload and Apply Update

  1. When prompted, enter the server's operating system password and click Apply.
Apply Update

  1. Once you click on the Apply button, the system will prepare for patch installation. You should see the following progress window:
Preparing to Apply Update

  1. Once the system completes above tasks, it will start to apply the updates. This can take up to 20 minutes. Once the patch is installed, you will be presented with following screen. The system might reboot depending on the patch. Wait for the system to come back up. 

  1. The system will not redirect to the Operations Console login page automatically. Wait 5 to 10 minutes and try to access the Operations Console. Once you have the Operations Console access, you can verify the patch update by selecting Maintenance > Update & Rollback.
Post Upgrade

  1. The system is now at Authentication Manager 8.1 SP1. For any replica servers in the deployment, follow the same procedure to update those instances. Do not install patches on multiple Authentication Manager servers at the same time.  RSA releases patches for Authentication Manager on a monthly cadence.  Follow the RSA SecurID Suite Advisory page to receive notifications when services packs and patches are released.