View the Next Steps for Promotion for Maintenance

Document created by RSA Information Design and Development Employee on Jun 13, 2017Last modified by RSA Information Design and Development Employee on Jul 27, 2020
Version 14Show Document
  • View in full screen mode

After promotion completes, you can view the Next Steps on the new primary instance. You cannot view these Next Steps on any other instance besides the promoted instance.

The Next Steps differ based on your promotion process and deployment.

RSA recommends that you download the Next Steps for future reference. If you restart services on the instance, these steps are no longer available for viewing or downloading.

Before you begin 

Promote a Replica Instance Using Promotion for Maintenance


  1. In the Operations Console on the new primary instance, click Deployment Configuration > Promotion > For Maintenance > Progress Monitor, and then click Next.

  2. Complete the next steps that display.

    RSA recommends that you click Download Next Steps to save a copy of the steps for future reference.

    The following next steps are always required after a promotion for maintenance:




    Restore RADIUS replication on the new primary instance

    In the Security Console on the new primary instance, go to RADIUS > RADIUS Servers and click Initiate Replication to synchronize the replica RADIUS servers with the new primary instance.

    If your deployment includes web tiers, restart services for each web tier.

    See Managing the Web-Tier Service 

    Review the instance-specific system settings for the new primary instance and update any setting as needed.

    Note:  The new primary instance does not inherit these settings from the original primary instance.

    In the Security Console, go to Setup > System Settings, and review the settings that are configured by instance.

    For example, you may want to review and update the following instance-specific settings:

    • SNMP

    • SMTP

    • Caching

    • Logging

    • Session Handling

    Verify your dynamic seed provisioning configuration

    1. In the Security Console, go to Setup > System Settings, and under Authentication Settings, click Tokens.

    2. Review the dynamic seed provisioning settings. If the fully qualified hostname of the demoted primary instance is used, update the setting with the fully qualified hostname of the new primary instance. For further instructions, see Configure Token Settings.

    Depending on the outcome of the promotion, additional steps may also display.

    If any of the following scenarios apply to the promotion that you completed, you must perform the corresponding task:





    You chose to manually copy and transfer log data after promotion

    Restore logs

    The log backup file is created on the original primary instance. Using methods like FTP, transfer the backup file to a supported backup location. For instructions on restoring from a backup, see Restore from Backup.

    Note:  SSH must be enabled to access the local file system on the instance. To enable SSH, go to the Operations Console for the instance and click Administration > Operating System Access.

    One or more additional replica instances could not be updated to point to new primary instance

    Enable communication with replica instances

    For each additional replica instance that could not be updated, log on to the Operations Console of the replica instance, click Administration> Network> Update Primary Hostname and update the Primary Hostname field to that of the new primary instance.

    The original primary instance cannot be demoted

    Reset and configure the original primary instance as a replica

    See Manually Reset the Original Primary Instance as a Replica Instance.

    The original primary instance was demoted, but services could not be started successfully

    Reuse the original primary instance as a replica instance

    Start services on the original primary instance and synchronize with the new primary instance. For more information, see Start and Synchronize the Original Primary Instance.

    Synchronization of the original primary instance does not succeed

    Synchronize original primary instance

    See Synchronize a Replica Instance.

  3. Verify the following settings on the new primary instance.




    Make sure that the identity sources that you use are accessible from the new primary instance.

    See View the Identity Sources in Your Deployment.

    Review the backup schedule for the new primary instance. Make sure that the new primary instance can communicate with the backup location.

    See Create a Backup Using Schedule Backups.

    Make sure that the link that is included in e-mail notifications for Self-Service user account changes contains the correct URL for the Self-Service Console.

    See Configure E-mail Notifications for Self-Service User Account Changes.






You are here
Table of Contents > Promotion for Maintenance > View the Next Steps for Promotion for Maintenance