View the Next Steps for Promotion for Maintenance
After promotion completes, you can view the Next Steps on the new primary instance. You cannot view these Next Steps on any other instance besides the promoted instance.
The Next Steps differ based on your promotion process and deployment.
RSA recommends that you download the Next Steps for future reference. If you restart services on the instance, these steps are no longer available for viewing or downloading.
Before you begin
Promote a Replica Instance Using Promotion for Maintenance
Procedure
In the Operations Console on the new primary instance, click Deployment Configuration > Promotion > For Maintenance > Progress Monitor, and then click Next.
Complete the next steps that display.
RSA recommends that you click Download Next Steps to save a copy of the steps for future reference.
The following next steps are always required after a promotion for maintenance:
Task
Instructions
If your deployment includes web tiers, restart services for each web tier.
Review the instance-specific system settings for the new primary instance and update any setting as needed.
Note: The new primary instance does not inherit these settings from the original primary instance.
In the Security Console, go to Setup > System Settings, and review the settings that are configured by instance.
For example, you may want to review and update the following instance-specific settings:
SNMP
SMTP
Caching
Logging
Session Handling
Verify your dynamic seed provisioning configuration
In the Security Console, go to Setup > System Settings, and under Authentication Settings, click Tokens.
Review the dynamic seed provisioning settings. If the fully qualified hostname of the demoted primary instance is used, update the setting with the fully qualified hostname of the new primary instance. For further instructions, see Configure Token Settings.
Recreate the read-only database user If you had a read-only database user on the original primary instance, use the manage-readonly-dbusers command line utility to recreate the same read-only database user, with the same password and the same client IP address. If you receive a message that the user already exists, you must delete the previous account.
For more information, see the Developer's Guide topic "SQL Access to the RSA Authentication Manager Database."
Depending on the outcome of the promotion, additional steps may also display.
If any of the following scenarios apply to the promotion that you completed, you must perform the corresponding task:
Scenario
Task
Action
You chose to manually copy and transfer log data after promotion
Restore logs
The log backup file is created on the original primary instance. Using methods like FTP, transfer the backup file to a supported backup location. For more information on restoring from a backup, see Restore from Backup.
Note: SSH must be enabled to access the local file system on the instance. To enable SSH, go to the Operations Console for the instance and click Administration > Operating System Access.
One or more additional replica instances could not be updated to point to new primary instance
Enable communication with replica instances
For each additional replica instance that could not be updated, log on to the Operations Console of the replica instance, click Administration> Network> Update Primary Hostname and update the Primary Hostname field to that of the new primary instance.
The original primary instance cannot be demoted
Reset and configure the original primary instance as a replica
See Manually Reset the Original Primary Instance as a Replica Instance.
The original primary instance was demoted, but services could not be started successfully
Reuse the original primary instance as a replica instance
Start services on the original primary instance and synchronize with the new primary instance. For more information, see Start and Synchronize the Original Primary Instance.
Synchronization of the original primary instance does not succeed
Synchronize original primary instance
Verify the following settings on the new primary instance.
Task
Reference
Make sure that the identity sources that you use are accessible from the new primary instance.
Review the backup schedule for the new primary instance. Make sure that the new primary instance can communicate with the backup location.
Make sure that the link that is included in e-mail notifications for Self-Service user account changes contains the correct URL for the Self-Service Console.
See Configure E-mail Notifications for Self-Service User Account Changes.
Related Articles
Promotion for Maintenance Number of Views RSA Silvertail - RSA WTD: how to capture support snapshot from command line Number of Views Promotion for Maintenance Number of Views RSA Authentication Manager 8.6 Azure Virtual Appliance Getting Started Number of Views Remote agent installation steps for RSA IMG Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
