View the Next Steps for Promotion for Maintenance

After promotion completes, you can view the Next Steps on the new primary instance. You cannot view these Next Steps on any other instance besides the promoted instance.

The Next Steps differ based on your promotion process and deployment.

RSA recommends that you download the Next Steps for future reference. If you restart services on the instance, these steps are no longer available for viewing or downloading.

Before you begin

Promote a Replica Instance Using Promotion for Maintenance


  1. In the Operations Console on the new primary instance, click Deployment Configuration > Promotion > For Maintenance > Progress Monitor, and then click Next.

  2. Complete the next steps that display.

    RSA recommends that you click Download Next Steps to save a copy of the steps for future reference.

    The following next steps are always required after a promotion for maintenance:



    If your deployment includes web tiers, restart services for each web tier.

    Review the instance-specific system settings for the new primary instance and update any setting as needed.

    Note: The new primary instance does not inherit these settings from the original primary instance.

    In the Security Console, go to Setup > System Settings, and review the settings that are configured by instance.

    For example, you may want to review and update the following instance-specific settings:

    • SNMP

    • SMTP

    • Caching

    • Logging

    • Session Handling

    Verify your dynamic seed provisioning configuration

    1. In the Security Console, go to Setup > System Settings, and under Authentication Settings, click Tokens.

    Recreate the read-only database user

    If you had a read-only database user on the original primary instance, use the manage-readonly-dbusers command line utility to recreate the same read-only database user, with the same password and the same client IP address. If you receive a message that the user already exists, you must delete the previous account.

    For instructions, see the Developer's Guide topic "SQL Access to the RSA Authentication Manager Database."

    Depending on the outcome of the promotion, additional steps may also display.

    If any of the following scenarios apply to the promotion that you completed, you must perform the corresponding task:




    You chose to manually copy and transfer log data after promotion

    Restore logs

    The log backup file is created on the original primary instance. Using methods like FTP, transfer the backup file to a supported backup location. For instructions on restoring from a backup, see Restore from Backup.

    Note: SSH must be enabled to access the local file system on the instance. To enable SSH, go to the Operations Console for the instance and click Administration > Operating System Access.

    One or more additional replica instances could not be updated to point to new primary instance

    Enable communication with replica instances

    For each additional replica instance that could not be updated, log on to the Operations Console of the replica instance, click Administration> Network> Update Primary Hostname and update the Primary Hostname field to that of the new primary instance.

    The original primary instance cannot be demoted

    Reset and configure the original primary instance as a replica

    See Manually Reset the Original Primary Instance as a Replica Instance.

    The original primary instance was demoted, but services could not be started successfully

    Reuse the original primary instance as a replica instance

    Start services on the original primary instance and synchronize with the new primary instance. For more information, see Start and Synchronize the Original Primary Instance.

    Synchronization of the original primary instance does not succeed

    Synchronize original primary instance

    See Synchronize a Replica Instance.

  3. Verify the following settings on the new primary instance.



    Make sure that the identity sources that you use are accessible from the new primary instance.

    See View the Identity Sources in Your Deployment.

    Review the backup schedule for the new primary instance. Make sure that the new primary instance can communicate with the backup location.

    See Create a Backup Using Schedule Backups.

    Make sure that the link that is included in e-mail notifications for Self-Service user account changes contains the correct URL for the Self-Service Console.