InTrust 11.4.1 - Upgrade Guide

After You Upgrade

This topic describes some differences you may find in InTrust after the upgrade.

Differences in Forwarding Configuration

A new event forwarding engine was introduced in InTrust 11.4. As a result, the following organization parameters fell out of use:

  • FORWARDING_RETENTION_PERIOD
  • FWD_PARAM_IS_ALIVE_PERIOD_SECONDS

Even though they are still visible in the organization parameter editor, they have no effect in InTrust 11.4 and later.

Changes in Rule Group Structure

In InTrust 11.3.2, the rule group tree was reorganized to put all attack detection rules in an easy-to-locate dedicated group. The upgrade doesn't reconfigure any existing real-time monitoring policies, so if you want to use the rules at their new locations, you need to edit the policies that reference the old rules. Otherwise, the policies will keep applying the rules at their old locations.

Upgrading with Configuration Database Replication Enabled

If configuration database replication over a WAN link is configured in your InTrust deployment, you need to take a few additional configuration steps. To follow this procedure, you should have the Replication of the InTrust Configuration Database document handy. For details about any steps, see the Technical Details and Procedures topic in that document.

  1. Complete the preparatory steps from the Before You Start topic.
  2. Make a backup copy of the configuration database.
  3. Stop the Quest InTrust Real-Time Monitoring Server and Quest InTrust Server services on the InTrust server that is connected to the Subscriber database.
  4. Make sure that the configuration databases are fully synchronized. Wait for initial synchronization to complete successfully. To monitor the synchronization status, right-click the name of the subscription you have created and select View Synchronization Status from the shortcut menu to see a message in the Status pane reading:
    Waiting 60 second(s) before polling for further changes.
  5. Delete AdcCfgPublication.
  6. Delete the subscription.
  7. Note the name of the Subscriber database and remove the database. Important: You will need to specify the same name later.
  8. Upgrade the Publisher InTrust server the regular way, as described in Upgrade the First InTrust Server in Your InTrust Organization.
  9. Create AdcCfgPublication on the Publisher SQL server.
  10. Create a subscription for the Subscriber database. Important: The name of the new Subscriber database must be the same as the name of the database you removed in step 7.
  11. Make sure that the configuration databases are fully synchronized.
  12. Connect to the Subscriber SQL server using credentials with the db_owner role for the new InTrust configuration database. Run the configdb.sql script (find it in the Scripts\Database Scripts folder in the InTrust distribution) on that database. You may receive some errors while the script is running, such as:
    • Updating columns with the rowguidcol property is not allowed.
    • GETMAXVERSION: The parameter 'lineage' is not valid.
    • The statement has been terminated.
    These errors can be safely ignored.
  13. Confirm that the Subscriber SQL server is working properly.
  14. Start the Quest InTrust Real-Time Monitoring Server and Quest InTrust Server services, run InTrust Manager and connect it to the Subscriber InTrust server. Check that the InTrust objects you need are available and their properties are set up correctly. If not, consider contacting Quest Support; you may have made a mistake along the way.
  15. Upgrade the Subscriber InTrust server the regular way, as described in Step 2: Upgrade the First InTrust Server in Your InTrust Organization. For the rest of the upgrade process, follow the Upgrade the Other Servers topic and subsequent topics.
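
The following PowerShell sketch is an added example, not part of the InTrust distribution or Quest documentation. It triages the output of the configdb.sql run from step 12, separating the three messages listed there from any other error so that nothing else is ignored along with them. It assumes the output was captured in sqlcmd's "Msg ..., Level ..." format with single-line message texts; the function name Get-ConfigDbScriptErrors and the sample output are hypothetical. Because the guide introduces its list with "such as", treat the remaining messages as items to review, not as proof of failure.

```powershell
# Messages the upgrade guide lists under step 12 as safe to ignore.
$DocumentedBenign = @(
    'Updating columns with the rowguidcol property is not allowed.',
    "GETMAXVERSION: The parameter 'lineage' is not valid.",
    'The statement has been terminated.'
)

function Get-ConfigDbScriptErrors {
    # Pairs each sqlcmd "Msg ..." header with the message text on the next line.
    param([string[]]$Lines)
    for ($i = 0; $i -lt $Lines.Count; $i++) {
        if ($Lines[$i] -match '^Msg \d+, Level \d+, State \d+') {
            $text = if ($i + 1 -lt $Lines.Count) { $Lines[$i + 1].Trim() } else { '' }
            [pscustomobject]@{
                Header     = $Lines[$i].Trim()
                Text       = $text
                Documented = $DocumentedBenign -contains $text
            }
            $i++   # skip the text line just consumed
        }
    }
}

# Constructed sample output: message numbers, levels, server and object names
# are placeholders, not values taken from a real configdb.sql run.
$sample = @'
Msg 50000, Level 16, State 1, Server SUBSCRIBER-SQL, Line 10
Updating columns with the rowguidcol property is not allowed.
Msg 50000, Level 16, State 1, Server SUBSCRIBER-SQL, Line 10
The statement has been terminated.
(3 rows affected)
Msg 50000, Level 16, State 1, Server SUBSCRIBER-SQL, Line 42
GETMAXVERSION: The parameter 'lineage' is not valid.
Msg 50000, Level 14, State 1, Server SUBSCRIBER-SQL, Line 77
The SELECT permission was denied on the object 'ExampleTable', database 'ExampleDb', schema 'dbo'.
'@ -split "`r?`n"

# For a real run, replace $sample with: Get-Content <path to the captured output>
$found      = @(Get-ConfigDbScriptErrors -Lines $sample)
$unexpected = @($found | Where-Object { -not $_.Documented })
'{0} error(s): {1} listed in the guide, {2} to review' -f `
    $found.Count, ($found.Count - $unexpected.Count), $unexpected.Count
$unexpected | Format-List Header, Text
```
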