Preparing for a Windows upgrade using the unified product installer
This topic provides the information you need to prepare your environment for the upgrade process on Microsoft Windows systems using the unified product installer. It includes information about supported upgrade paths and instructions for preparing to upgrade the TrueSight Server Automation system.
The topic includes the following sections:
The following sections provide information about the latest builds and the supported upgrade paths.
EPD version number
|Patch 1 for Service Pack 4 for version 8.9|
|8.9.04.001||June 21, 2019|
|Service Pack 4 for version 8.9|
|8.9.04||January 28, 2019|
|Patch 1 for version 8.9 Service Pack 3|
|8.9.03.001||October 5, 2018|
|Service Pack 3 for version 8.9|
|8.9.03||June 11, 2018|
Supported upgrade paths
The following figures illustrate the supported upgrade paths to TrueSight Server Automation 8.9.x.
If you are running BMC Server Automation 8.7 Patch 5 or 8.8 Patch 2, you cannot upgrade to version 8.9.01. However, you will be able to upgrade to version 8.9.02 after it is released. To receive proactive notifications for new releases, subscribe to BMC Server Automation's Subscription List on the BMC Support site.
If you are running BMC Server Automation 8.7 Patch 5 or 8.8 Patch 2, you cannot upgrade to version 8.9.00. However, you will be able to upgrade to version 8.9.02 after it is released. To receive proactive notifications for new releases, subscribe to BMC Server Automation's Subscription List on the BMC Support site.
In the above diagrams, abbreviations are defined as follows:
- BSA stands for BMC Server Automation or TrueSight Server Automation ( for version 8.9.03 and later)
- SP stands for Service Pack
- P stands for Patch
Step 1: Review requirements and limitations
Prior to upgrading, it is important to carefully review the following requirements and limitations.
Requirements for upgrade on Windows
If your TrueSight Server Automation environment includes BMC Cloud Lifecycle Management, you need to ensure that you maintain compatibility with BMC Cloud Lifecycle Management. For more information, see Component BMC product service pack and patch levels in the BMC Cloud Lifecycle Management online technical documentation.
If your TrueSight Server Automation environment includes BMC Decision Support for Server Automation or TrueSight Smart Reporting for Server Automation, upgrade BMC Decision Support for Server Automation or TrueSight Smart Reporting for Server Automation before upgrading TrueSight Server Automation. For more information, see the BMC Decision Support for Server Automation or TrueSight Smart Reporting for Server Automation online technical documentation.
Review the following key requirements.
Click here to review.
The unified installer supports Windows 64-bit and Linux 64-bit operating systems. For a complete list of platforms supported by the unified installer, see Supported platforms.
|PXE servers||To improve performance during the upgrade, create a new folder on your remote PXE server (by default, %SystemDrive%/BSAInstallerDumpDir, for example, C:/BSAInstallerDumpDir) and then manually copy the PXE installer binary (..\installers\pxe_64\PXE<version>-WIN32) into the %SystemDrive%/BSAInstallerDumpDir folder prior to upgrading. The unified product installer validates the existence of the PXE installer binary under the expected location, and upgrades the PXE server during the upgrade process.|
If you are using Microsoft Windows 2003 or 2008, you must upgrade in Install mode instead of Execute mode, see Using Install mode instead of Execute mode.
Upgrading to a new release can potentially create mismatches between the version of a custom configuration object, an agent, and any model objects that reference custom configuration objects. Therefore, as part of the upgrade process, you must distribute the latest versions of the custom configuration objects that are not included as part of an RSCD agent.
The product installation is automatically upgraded to the appropriate version when you upgrade the agent. However, you must upgrade any custom configuration objects that are not included with the agent by running a Distribute Configuration Objects Job. Configure this job to target servers to which custom configuration objects need to be distributed. For a list of those objects that are included as part of an agent installation and those that are not included with the agent and require distribution, see Custom configuration objects.
To upgrade custom configuration objects
Click here to see the steps for upgrading custom configuration objects.
To upgrade virtualization configuration objects
Click here to see the steps for upgrading virtualization configuration objects.
The Upgrade Model Object Job is not supported for upgrading virtualization configuration objects.
To upgrade configuration objects that you distributed in prior versions, complete the following steps:
Upgrading to a new release can potentially create mismatches between the version of a custom configuration object, an agent, and any model objects that reference custom configuration objects. Therefore, as part of the upgrade process, you must distribute the latest versions of custom configuration objects for the custom configuration objects that are not included as part of an agent. The installation are automatically upgraded to the appropriate version when you upgrade the agent. (See Custom configuration objects for a list of those objects.) You should upgrade any custom configuration objects not included with the agent by running a Distribute Configuration Objects Job. The job should target servers to which custom configuration objects should be distributed.
Click here to review a list of potential issues you can encounter during an upgrade.
If your id.pem certificate was created with a key size of 1024 bits (or less), you will need to regenerate it with a higher key size (2048 or higher). This is due to a change in the FIPS requirement for minimum key length (now 2048 bits).
The unified product installer must be run by a super user, that is, a local Administrator or Administrator-equivalent local user. This enables the installer to install components on remote Application Servers using existing RSCD Agents and PsExec.
In a domain environment, this can be a domain user who is part of the local Administrators group. In such a case, ensure that you prepare the same local Administrator user on any remote Application Server that does not have an RSCD Agent installed.
If you have a high security level enabled in your TrueSight Server Automation installation, the unified installer cannot upgrade the product through the RSCD Agent on the remote host computers. Before upgrading, you must temporarily adjust the security level on the machines where you want to upgrade the Application Servers. At the beginning of the upgrade process, the unified installer checks the security setup and, if problems are detected, issues an error message. This message helps you decide on the actions that you must take to adjust the security settings. For more information, see troubleshooting instructions for security settings. After the upgrade, remember to re-adjust your security settings, based on your unique needs and the IT security policies at your organization.
Before initiating the upgrade, the installer discovers the existing Application Servers and checks whether an RSCD Agent is installed on each Application Server. For Application Servers that do not have an RSCD Agent installed, the installer prompts you for the credentials of the relevant host computers and installs a fully authorized RSCD Agent on each server. Note that if you suspend or abort the upgrade, you will need to manually uninstall the RSCD Agent on each of the servers. After the upgrade, remember to re-adjust your security settings, based on your unique needs and the IT security policies at your organization.
In addition, ensure that the following security requirements are met before initiating the upgrade:
- Ensure that you have authentication profiles of any of the following types set up at your TrueSight Server Automation installation: Secure Remote Password (SRP), LDAP, or Microsoft Windows Domain Authentication.
Upgrade to TrueSight Server Automation version 8.9.03 or later is not supported through Active Directory Kerberos, PKI, or RSA SecureID authentication profiles.
- You must disable the use of client-side certificates that secure access between Application Servers and agents or repeaters before you upgrade using the unified product installer. For more information, see TLS with client-side certs - Discontinuing use of client-side certificates.
- Ensure that your firewall allows communication on all ports used by various components of TrueSight Server Automation. For more information on ports, see TrueSight Server Automation ports.
- Ensure that the port number that is used by the SSH service running on all hosts is 22, which is the default port number for SSH.
Limitations when using the unified product installer
|Category||Description of support or limitation|
|Multiple Application Server (MAS) environments||The unified product installer only supports upgrade of an homogeneous MAS environment, that is, either all Application Servers run on Linux 64-bit operating systems or all run on Windows 64-bit operating systems.|
|"Mixed" Application Server/database environments||The unified product installer supports upgrade of "mixed" Application Server/database environments (for example, Linux Application Server + Microsoft SQL Server database). The UPI does not require the database or the file server operating system to match the operating system of the Application Servers.|
For PXE servers to be upgraded by the unified product installer, they must be:
If your environment includes hybrid PXE servers (that is, PXE servers not running Windows or Linux), you must perform a workaround for the upgrade
Click here to see the workaround.
The unified product installer does not support the following upgrade scenarios:
Step 2: Prepare the database
During an upgrade process, core data is migrated to the upgraded TrueSight Server Automation database. To ensure that this migration completes successfully, you must prepare your database before performing the upgrade. To prepare your database, review the following list of prerequisite tasks and perform the tasks that are relevant for your environment.
|Back up the TrueSight Server Automation database.|
You must back up before beginning the data upgrade process.
The data upgrade occurs in place. If, for any reason, it should become impossible to complete the upgrade, the only way to
|Remove unnecessary deployments|
The migration process uses the database system ID information in the _template deployment to identify the database to migrate. In addition,
Certain deployments are transitory and can be removed before an upgrade as they are not needed for normal operation.
|Ensure that the database configuration information on the deployments of the Application Server is up-to-date|
Before upgrading the Application Server, ensure that the database configuration information on the deployments of the
You can use the blasadmin utility to check the database related and file server related information for each of the deployments (except _launcher).
You can use the following blasadmin commands. If either of these commands returns an error, you can use the blasadmin utility to
If these commands return an error, use the blasadmin utility to correct the configuration so that those commands do not return an error.
|(Oracle only) Grant privileges explicitly to the user account|
For an Oracle database, you must grant certain privileges explicitly to the user account (typically BLADELOGIC) that will be used during the upgrade.
Some of the privileges can be revoked after database migration is performed during the upgrade. For the complete list, see List of required database permissions.
Step 3: Prepare the automation environment
Perform these tasks in order. Many steps are prerequisites for other steps that occur later in the process.
- Back up the TrueSight Server Automation database. The data upgrade occurs in place. If, for any reason, it should become impossible to complete the upgrade, the only way to restore the database to its pre-upgrade state is from the backups.
- Ensure that your connection to Microsoft SQL database is not encrypted. TrueSight Server Automation does not support using an encrypted Microsoft SQL database connection at the time of upgrade. However, after the product is upgraded successfully, TrueSight Server Automation can use an encrypted connection to communicate with the Microsoft SQL database. For steps on enabling and disabling an encrypted connection to your SQL database server, see Encrypting your database connection.
- Verify that the following components are up and running for the upgrade to be successful:
- All Application Servers
- PXE Server
- RSCD agents on Application Servers, PXE servers, and file servers.
Back up the installation directories for all Application Servers and PXE servers. The default installation locations are:
- Application Server: C:\Program Files\BMC Software\BladeLogic\NSH
- PXE Server: C:\Program Files\BMC Software\BladeLogic\PXE
If you are upgrading the PXE server, follow the upgrade instructions for Windows or UNIX, to prevent loss of configuration settings.
Ensure that all files and folders in the installation directory and its sub-directories do not have the read-only attribute enabled. The upgrade might fail, if the read-only attribute is enabled on any file.
Note that the user who installed the earlier version of the product might have changed the installation directory from the default location, so ensure that you have the right location. If your current installation is already an upgrade from a previous version, the paths might be different, due to differences in these locations in earlier versions of TrueSight Server Automation. If you do not know the installation location for TrueSight Server Automation components view the contents of the %WINDIR%\rsc\HOME file.
- Back up the TrueSight Server Automation file server storage location. For example, copy the entire contents of the storage location to a directory other than the current storage location.
Ensure that there is an RSCD agent installed on each Application Server to avoid potential errors in the upgrade process.
Ensure that there is an RSCD agent and NSH are installed on the PXE server.
- Back up the existing certificate.pem, RSCD log files and respective signature files.
- Make sure that you have 4 GB on disk with temp space and 4 GB on disk with installation directory.
Ensure that you have disabled the NSH proxy on all Application Servers in the environment to avoid failure during upgrade. To disable the NSH proxy, run the following command on the NSH client:
secadmin -m default -p 5 -appserver_protocol clear -T encryption_only -e tls
Note: After the upgrade completes, remember to add this entry back into the secure file. You can use the following command:
secadmin -m default -p 5 -appserver_protocol ssoproxy -T encryption_only -e tls
- To preserve the Live Reporting dashboard environment, back up the cacerts file (for example,C:\Program Files\BMC Software\BladeLogic\appserver\NSH\jre\lib\security\cacerts for Windows) to a separate safe location on the TrueSight Server Automation server. You must do this because the TrueSight Server Automation upgrade overwrites the existing cacerts.
NEW IN 8.9.02Ensure that Microsoft Visual C++ 2015 Redistributable Update 3 is installed on the server. For more information, see Installing an RSCD agent (Windows).
As a prerequisite to install Microsoft Visual C++ 2015 Redistributable Update 3 on Windows 2012 R2, you must have the following patches installed on your server:
- KB2919442 (Required for 2919355)
- KB2919355. This patch requires several other patches: clearcompressionflag.exe, KB2919355, KB2932046, KB2959977, KB2937592, KB2938439, and KB2934018. This are all available on the download page for KB2919355.
For more information about the prerequisites for Microsoft Visual C++ 2015 Redistributable Update 3, refer to the Microsoft documentation here.