Chat now with support
Chat with Support

We are currently experiencing issues on our phone support and are working diligently to restore services. For support, please sign in and create a case or email for assistance

InTrust 11.6 - Upgrade Guide

General Upgrade Information

Upgrade is supported for the following InTrust versions:

  • 11.5.1
  • 11.5.0
  • 11.4.2
  • 11.4.1 with or without Update 1
  • 11.4
  • 11.3.2
  • 11.3.1
  • 11.3

Note:In-Place Upgrade 11.6.0 will not support Server and AeCDSuiteLauncher (Extended Suite).

This guide describes upgrading extended InTrust deployments.


  • The InTrust components require that ports 900 and 8340 be open for inbound traffic. The InTrust installer knows how to configure these ports automatically in Windows Firewall. In addition, IT Security Search and the InTrust repository API work with port 8341, which is not configured automatically. If you use the API or IT Security Search, make sure this port is open.
  • In the course of an upgrade from a version prior to 11.3.2, you may get the following error messages during repository indexing and searching:
    Unknown field <field_name> referenced in log knowledge base as source of value.
    This is caused by differences in log knowledge base definitions between the old and new InTrust versions. The problem should go away as soon as all InTrust components have been upgraded—not just InTrust Server, but also Repository Viewer and others.

Upgrading Your InTrust Organization

InTrust 11.6 now supports FIPS approved hashing algorithms and encryption algorithms. For a fresh installation, the FIPS compliant algorithms are enabled automatically. For an upgrade from older versions (11.5.1 or below), you need to run InTrustFIPSMigratorTool and adcorgpwd tools available in the SupportTools folder of installation folder and follow steps mentioned in Upgrade Guide. Once FIPS compliant algorithms are enabled, they will remain enabled and cannot be changed back to Non-FIPS algorithms. Please refer the Upgrade Guide for more details.

Note: Once enabled FIPS compliant algorithms on one Intrust server, make sure to enable it on all other Intrust servers in the Organization.

Before You Start

Follow the below steps before performing an upgrade (11.6.0 version):

  1. Run the InTrustFIPSMigrator Tool (refer page number 15 of this guide).

  2. Uninstall the all the previous version InTrust components.

    Note:In-Place Upgrade 11.6.0 will not support Server & AeCDSuiteLauncher (Extended Suite).

  3. Clean-up the Temp folder & restart the machine


    In case of an upgrade, cleaning up the temp folder and restarting the system is a mandatory step.

Proceed with installation of 11.6.0 Version as below:

  1. While Installing 11.6.0 full suite or Individual server msi, select “join” and click on “Search for existing organization by InTrust configuration database”

  2. And then select old organization name, respective database for old organization and continue further.

To upgrade your installation of InTrust, you have to upgrade all InTrust servers in your organization using the InTrust suite setup. Below are several recommendations on the steps you should take before starting the upgrade procedure.

  • Consider the accounts under which you are going to run setup. All the accounts you are going to use must be listed as InTrust organization administrators. For one of the InTrust servers you are going to upgrade, do the following:
  • If the computer where you are going to upgrade InTrust Server or InTrust Manager is a SQL server, then make sure in advance that the installed version of SQL Server Native Client is no earlier than the version required by InTrust 11.6.0; version 11.0.6538.0 of the client is redistributed with InTrust.

Things to Remember

Note the following specifics, which you should be aware of throughout the upgrade process:

  • If you are upgrading from version 11.3.2 or earlier, don't enable InTrust self-audit until all InTrust servers have been upgraded. Otherwise, self-audit events logged during the transition period may be useless.
  • Think in advance about the account you are going to use for running InTrust setup to perform the upgrade. This account must have sufficient privileges to modify the SQL Server databases that InTrust uses. A new InTrust version can introduce changes into the database schema, so use a powerful enough account to apply those changes. To choose the account, consider the following tips:
    • If the initial deployment of InTrust involved running the bundled database configuration scripts with minimal sufficient privileges, then repeat the procedure with the same privileges using the scripts bundled with the target release, as described in Providing Database Access.
    • If the initial deployment of InTrust was performed under an account with dbo rights, then use an account with dbo rights for the upgrade also.
    • If you don't know how the InTrust databases were initially configured, use an account with dbo rights for the upgrade. Note that subsequent upgrades will also require such an account.

What Happens When Configuration Objects Receive Updates

For predefined configuration objects (such as tasks, real-time monitoring rules and data sources), it is InTrust policy not to overwrite their existing versions with the updated versions during upgrade. This approach ensures that your configuration, which is most likely customized, keeps working without changes during and after the upgrade, but it also means that in the usual course of an upgrade, these changed objects do not end up in your InTrust infrastructure.

InTrust releases newer than your current version may include fixed or enhanced versions of out-of-the-box configuration objects. If an InTrust version introduces any significant changes to such objects, the details are described in the Release Notes for that version, in the Enhancements and Resolved Issues topics. Check these topics to find out what exactly has changed in the configuration objects.

If you want the newer versions of such objects and you find that the upgrade has not deployed them, contact Quest Support for recommendations on the procedure that will best suit you.

Step 1: Database Preparation

If you plan to work with InTrust accessing the databases under a dbo account, you can proceed to Step 2.

Otherwise (that is, if your InTrust databases were accessed using a non-dbo account or you plan to use such an account when working with InTrust), take the following steps:

  1. Have your database administrator run the following scripts on your InTrust databases:
    1. On the configuration database:
      • configdb.sql
      • InTrust9_0_configuration_schema.sql
    2. On the audit database(s):
      • auditdb.sql
      • ITFE80_EventsData.sql
    3. On the alert database(s)
      • alertdb.sql
      • InTrust9_0_alerts_schema.sql

Caution: These scripts are shipped with the distribution of your new InTrust version in the Scripts\Database Scripts folder. The scripts must be run using an account with the dbo role.

  1. Have your database administrator assign the database roles to those accounts planned for database access in accordance with the Minimal Rights and Permissions Required for InTrust Operations topic.
Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating