|Issue||Inplace upgrade of Primary ACE server to a newer version of ACE server|
Install newer version of ACE server on Replica(s) to match version on Primary
Inplace upgrade on Primary ACE server succeeds
Inplace upgrade of Replica fails with "Error 25000.Upgrade error: unable to migrate sdserv database(3)" and "Error 25000.Error Copying replica database files"
|Cause||DNS / FQDN problems. As seen on the Primary in "Configuration Management-> Replica->" "Selecting the Primary and or a replica entry" and selecting "details" there are bad entries to FQDN (Name resolution problems).|
|Resolution||Update Configuration Management with proper FQDN. Look at HOSTS files and or make entries.|
Remove Replica entries with invalid FQDN and re-add them. Once all FQDN / Name resolution problems have been corrected, copy "sdconf.rec" and generate replica pacakges and proceed with the upgrade on Replicas.
You may need to update configuration files on Replica Servers, Agent Hosts, and remote Administration Machines.
|Notes||Check DNS entries / NSLOOKUP / Ping from clients and servers to verify.|
Distributing the Configuration Update (As seen in ACE Help)
Note: The Configuration Management application creates the sdconf.rec file. Agent Hosts may use DES or SDI encryption, and each Agent Host must have an sdconf.rec file that contains a match for the encryption it uses. If you have some Agent Hosts that use DES encryption and other Agent Hosts that use SDI encryption, make sure that the sdconf.rec file you distribute to each Agent Host has the correct encryption setting.
Whenever you modify the Authentication Manager configuration file by using the Configuration Management application on the Primary, do the following:
1. Copy the new sdconf.rec file to a location outside the ACEDATA directory on any applicable Replica, and apply it using the RSA Authentication Manager Control Panel.
2. Stop and restart the Primary and each Replica, so that the new configuration takes effect.
Note: If you have any custom settings enabled on a Replica but not on the Primary, re-enable those settings on the Replica after copying the sdconf.rec file.
To distribute a new sdconf.rec file to version 5.0 Agent Hosts:
Copy the file to the ACEDATA directory on any affected RSA ACE/Agent Host. Or, make the new sdconf.rec available, and instruct administrators to update Agent Hosts.
To distribute a new sdconf.rec file to legacy Agent Hosts:
Perform the necessary edits in the Configuration Management application, and click Generate Configuration Files. If you have more than one pair of Acting Master and Acting Slave Servers, be sure to copy the new sdconf.rec file to the ACEDATA directory on only those legacy Agent Hosts that are performing authentications with a particular pair of Acting Master and Acting Slave Servers. For more information, see Generating a Configuration File.
Note: A Windows machine that is both an RSA Authentication Manager and an RSA ACE/Agent Host needs two copies of the sdconf.rec file, one in the ACEDATA directory and one in the %SystemRoot%\system32 directory.
Agent Hosts that are not RSA ACE/Agents developed by RSA Security may not be able to store and read the sdconf.rec file. Typically, third-party devices that integrate RSA ACE/Agent code use a configuration file particular to the device type. To distribute new configuration information to these Agent Hosts, reconfigure the device following the instructions in the manufacturer's documentation.
Generating a Configuration File
1. Click one of the radio buttons under Generate Configuration File For.
? To generate configuration files for all Agent Hosts, click All Agent Hosts.
? To generate a configuration file for a single Agent Host, click One Agent Host.
? Click A range of Agent Hosts using Acting Master: and select the name of the Acting Master from the dropdown list to generate configuration files for a range of Agent Hosts that use a particular Acting Master.
You can select <No Selection>, in which case the configuration files generated will be for Agent Hosts with no assigned Acting Master or Acting Slave.
2. Click OK.
? If you selected All Agent Hosts, an sdconf.rec file is created for each Acting Master or Acting Master/Slave pair in a directory in the ACEDATA\config_files directory.
The directory is named for the Acting Master (or Acting Master/Slave pair) and the IP addresses of the assigned Acting Servers. For Agent Hosts with no assigned Acting Servers, the directory is named NoServers. Each directory also contains an agent_hosts.txt file that lists all of the Agent Hosts that use the sdconf.rec file.
? If you selected One Agent Host, the Select Agent Host dialog box displays when you click OK. Select the name of the Agent Host, click OK, and then, in the Configuration Filename Specification dialog box, select the directory in which you want to save the sdconf.rec file, and click Save.
The sdconf.rec file is created in the directory you select in the Configuration Filename Specification dialog box.
? If you selected A range of Agent Hosts using Acting Master:, the Select a Range of Agent Hosts dialog box displays when you click OK. Specify the range of Agent Hosts and click OK.
The sdconf.rec file is created in a directory in the ACEDATA\config_files directory. The directory is named for the assigned Acting Master (or Acting Master/Slave pair) and the IP addresses of the assigned Acting Servers. For Agent Hosts with no assigned Acting Servers, the directory is named NoServers. This directory also contains an agent_hosts.txt file that lists all of the Agent Hosts that use sdconf.rec file.
3. Copy the sdconf.rec file to the Agent Host.
If you generated configuration files for more than one Agent Host, copy the sdconf.rec file to the Agent Hosts listed in the agent_hosts.txt file.
|Legacy Article ID||a34266|