Trying to upgrade 3.1.1-217 to 3.1.2

So, the LAG goes from SLES9 to SLES11 IFF you use the iso to do an
upgrade, otherwise known as burn and recreate.

The trouble we have is that we only have one LAG, so following the
instructions in 'Novell Documentation'
(http://www.novell.com/documentation/novellaccessmanager31/installation/?page=/documentation/novellaccessmanager31/installation/data/bn7y8xh.html)
presents a problem, since Step 4 is "Remove the Access Gateway from the
L4 switch configuration and from the cluster."

If you try and remove a solo LAG from the cluster, it deletes your
cluster.

So, how can I get from SLES9 3.1SP1 to SLES11 3.1SP2?  Part of me
thinks I should just shut down the first LAG, create a new one with the
same IP and characteristics, and point it to the Admin Console, and see
what happens.  

Another part of me remembers 6 months of migrating from a simple iChain
environment that was bulletproof to this environment, and having to
start over from scratch a number of times.

ideas?


-- 
rvfrueh
------------------------------------------------------------------------



0
rvfrueh
8/3/2010 9:36:01 PM
novell.support.access-manager 2305 articles. 0 followers. Follow

7 Replies
751 Views

Similar Articles

[PageSpeed] 46
Get it on Google Play
Get it on Apple App Store

Yeah, this is tricky - I would assume maybe you can use the export
option under the LAG to grab it's config (you may need to manually note
where your contracts were assigned and what IP's were bound to what
reverse proxy service) and then do the deletes, re-install and import
the config back in (you need to test this) and then create the cluster
after your lag is configured again.


-- 
Thanks! 
ETB
------------------------------------------------------------------------



0
barragae
8/3/2010 10:16:01 PM
rvfrueh wrote:

> 
> So, the LAG goes from SLES9 to SLES11 IFF you use the iso to do an
> upgrade, otherwise known as burn and recreate.
> 
> The trouble we have is that we only have one LAG, so following the
> instructions in 'Novell Documentation'
> (http://www.novell.com/documentation/novellaccessmanager31/installatio
> n/?page=/documentation/novellaccessmanager31/installation/data/bn7y8xh
> .html) presents a problem, since Step 4 is "Remove the Access Gateway
> from the L4 switch configuration and from the cluster."
> 
> If you try and remove a solo LAG from the cluster, it deletes your
> cluster.
> 
> So, how can I get from SLES9 3.1SP1 to SLES11 3.1SP2?  Part of me
> thinks I should just shut down the first LAG, create a new one with
> the same IP and characteristics, and point it to the Admin Console,
> and see what happens.  

I've done an actual upgrade from SLES 9 to SLES 11 using the new iso.
Make sure you use sp2 ir1 as sp2 itself fails to import the lag
properly as it doesn't create a bunch of keystores.

I exported the config before I began (just to make sure I had something
to roll back to). If you have any non-standard touch files make sure
you back those up. Backup any custom error and logout pages as well.

In order to run the lag-backup-restore script you have to deploy the
SLES9-Sp2 for the lag first otherwise that script is not available.

Then reinstall the LAG using the new ISO (don't delete the LAG from the
admin console). Give it the same base IP address as the previous lag
and during the install fill out all the details for the admin console
etc. When the LAG restarts after the install it will register itself
with the admin console and it will pull down all the configuration.

I had one issue where it was failing to receive the trusted root of the
embedded eDirectory. This caused that the lag was failing to
communicate with the admin console using secure LDAP as it did not
trust the certificate. Removing the cert from the ESP trust store and
adding it fixed that problem.

After that it took about 5/10 minutes or so before it sorted itself
kinda out. Apparently one formfill policy has been broken since but I
have my doubts if that was related to the upgrade.

-- 
Cheers,
Edward
0
Edward
8/3/2010 10:46:59 PM
Edward has the right of it -- don't delete the LAG node from the Admin 
Console. Instead, just down the server, boot off the new ISO, use the same 
DNS Name / IP address details as the original, and the server will be 
transparently re-associated by the Admin Console and pull down its config.

You may have to use the Troubleshooting screens to re-push certificates 
and/or re-push configuration, but otherwise this is a pretty painless 
process.

I would also use the Troubleshooting page to perform a full export of your 
LAG's configuration and save it someplace safe before doing any of this.

-- 
Stefan Evans
Senior Server Analyst
CSC @ Gulfstream Aerospace



"Edward van der Maas" <edmaa@no-mx.forums.novell.com> wrote in message 
news:D%06o.51522$N74.4597@kovat.provo.novell.com...
> rvfrueh wrote:
>
>>
>> So, the LAG goes from SLES9 to SLES11 IFF you use the iso to do an
>> upgrade, otherwise known as burn and recreate.
>>
>> The trouble we have is that we only have one LAG, so following the
>> instructions in 'Novell Documentation'
>> (http://www.novell.com/documentation/novellaccessmanager31/installatio
>> n/?page=/documentation/novellaccessmanager31/installation/data/bn7y8xh
>> .html) presents a problem, since Step 4 is "Remove the Access Gateway
>> from the L4 switch configuration and from the cluster."
>>
>> If you try and remove a solo LAG from the cluster, it deletes your
>> cluster.
>>
>> So, how can I get from SLES9 3.1SP1 to SLES11 3.1SP2?  Part of me
>> thinks I should just shut down the first LAG, create a new one with
>> the same IP and characteristics, and point it to the Admin Console,
>> and see what happens.
>
> I've done an actual upgrade from SLES 9 to SLES 11 using the new iso.
> Make sure you use sp2 ir1 as sp2 itself fails to import the lag
> properly as it doesn't create a bunch of keystores.
>
> I exported the config before I began (just to make sure I had something
> to roll back to). If you have any non-standard touch files make sure
> you back those up. Backup any custom error and logout pages as well.
>
> In order to run the lag-backup-restore script you have to deploy the
> SLES9-Sp2 for the lag first otherwise that script is not available.
>
> Then reinstall the LAG using the new ISO (don't delete the LAG from the
> admin console). Give it the same base IP address as the previous lag
> and during the install fill out all the details for the admin console
> etc. When the LAG restarts after the install it will register itself
> with the admin console and it will pull down all the configuration.
>
> I had one issue where it was failing to receive the trusted root of the
> embedded eDirectory. This caused that the lag was failing to
> communicate with the admin console using secure LDAP as it did not
> trust the certificate. Removing the cert from the ESP trust store and
> adding it fixed that problem.
>
> After that it took about 5/10 minutes or so before it sorted itself
> kinda out. Apparently one formfill policy has been broken since but I
> have my doubts if that was related to the upgrade.
>
> -- 
> Cheers,
> Edward 


0
Stefan
8/5/2010 8:43:17 PM
Hey Stefan,

Did your LAG have multiple IP on it?  I've had bad luck in the past
where it just dumps all the accelerators (sorry, old iChain term) on the
first and then you have to go and fix them afterwards,but by then it's
possibly mucked up the import/config if you had a dedicated ESP or
heartbeat proxy.

How's performance been?  I've got a fairly beefy server for the LAG
that's pretty underutilized, so I was thinking with the SLES 11 LAG, I
could run it on XEN as a PV instead and maybe put one other small
potatoe thingy on the "host".  Just seems a shame to have a $10,000 LAG
box sitting there using like 5% CPU when I could XEN it and put more
"things" on it (the host, not the VM with the LAG).

Obviously a SLES 9 VM never performed well (fully virtualized).


-- 
kjhurni
------------------------------------------------------------------------



0
kjhurni
8/5/2010 9:46:01 PM
kjhurni wrote:

> 
> Hey Stefan,
> 
> Did your LAG have multiple IP on it?  I've had bad luck in the past
> where it just dumps all the accelerators (sorry, old iChain term) on
> the first and then you have to go and fix them afterwards,but by then
> it's possibly mucked up the import/config if you had a dedicated ESP
> or heartbeat proxy.

Define multiple IP's ? Do you mean multiple network cards or multiple
ip addresses on one card ? If the latter, it worked fine for me. All
the accelerator used the correct listening IP.

> 
> How's performance been?  I've got a fairly beefy server for the LAG
> that's pretty underutilized, so I was thinking with the SLES 11 LAG, I
> could run it on XEN as a PV instead and maybe put one other small
> potatoe thingy on the "host".  Just seems a shame to have a $10,000
> LAG box sitting there using like 5% CPU when I could XEN it and put
> more "things" on it (the host, not the VM with the LAG).

We haven't noticed any performance difference (we'll I didn't hear
anyone complain yet and its been a good 2 weeks). The LAG in this case
is virtualised on a ESX server.


-- 
Cheers,
Edward
0
Edward
8/6/2010 3:56:57 AM
Stefan Evans wrote:

> Edward has the right of it -- don't delete the LAG node from the
> Admin Console. Instead, just down the server, boot off the new ISO,
> use the same DNS Name / IP address details as the original, and the
> server will be transparently re-associated by the Admin Console and
> pull down its config.
> 
> You may have to use the Troubleshooting screens to re-push
> certificates and/or re-push configuration, but otherwise this is a
> pretty painless process.

Initialy I tried to repush the certificates and that didn't do the
trick. I had to actually remove the configCA from the ESP trust store
and add it again.

-- 
Cheers,
Edward
0
Edward
8/6/2010 3:57:43 AM
Thanks Edward.

Yes, meant multiple IP's on one NIC.


-- 
kjhurni
------------------------------------------------------------------------



0
kjhurni
8/6/2010 1:26:01 PM
Reply:

Similar Artilces:

From 2.1.2 to 3.1 or 2.1.2 to 3.0.13 to 3.1
I'm checking back in after being away for a couple of months and I missed the 3.1 release. I can't seem to find any info on what's new in 3.1 and also what the upgrade path should be. So, is the recommended path for upgrading from v 2.1.2 to go directly to 3.1 or do I need to go to 3.0.13 first? Are there any big issues in 3.1 that make it a "gotta have it" version?I did a couple of 2.1.2 to 3.0.12 upgrades but haven't upgraded to or tested 3.1 yet. I have one 2.1.2 site that is commercial and I need it to be down as little time as possible. It also has a lot of third party modules...

Bug DNN 3.1.1 Upgrade from 2.1.2 -> 3.1.0 ->
Somewhere along the process, (I missed when) a portal upgrade created a problem with portal creation. The site is created fine, but the password for the admin is never correct. I have to use host to correct it. Anyone faced this ?Do you know the truth when you hear it? are you using the same hash keys in your web.config? this got me one time-DarrenNeese.com-DNN ROCKS!-DeveloperSchool.com Thanks, this helped me narrow it down and realize it was possibly the upgrade from DNN2 to DNN 3. Since there are no hash keys in DNN2 because it uses an encryption key, how did you solve it?Do you know ...

SuSE Linux 11.3 zlib ver 1.2.3-141.1.i586 trying to upgrade to ver 1.2.5 if need be.
hello all, I am kinda of new to the unix/linux process. I have a web admin who is getting error. [The installer cannot continue until Zlib is installed. / Zlib Not Supported I installed zlib with the yum command yum update zlib-devel it seems to have installed ok. I tried running the command again and now I get message setting up install process nothing to do does that mean its already installed? where is the zlib folder located by default? do I need to update to ver 1.2.5 for the zlib-devel? I also stopped and restarted the apache service, I was told that might be t...

Never done upgrade before. Have a 2.1.2 site w/many custom (purchased) modules, some of which are no longer supported. Don't see *any* info in 3.1 install docs for 2.1.2 upgrade?
Hey folks: I'm about to try something very scary, and I've spent the last 5 or so hours reading DNN 3.1 docs and doing searches here (sure which the search worked better, like allowed sort by date??).  Anyway, I don't see *any* info on updating a 2.1.2 site to a 3.1 site.  The only examples all have machine key stuff and other stuff that's not an issue (or is it?) w/2.1.2 Here's the situation: 1 I have localhost access to the site via remote desktop 2. I have disconnected backed up data and log files and reconnected 3. I have made a copy of the virtual folder. No...

Auto Upgrade from 2.1.2 w/ Access to 3.1.1 w/ SQL?
Just wondering if the install script and the Auto Upgrade of 3.1 is able to upgrade the Access database of a DNN 2.1.2 local site to a SQL database for 3.1 - and if so, do I need to create a SQL database first?  I would assume so since one must create a SQL database for a clean install.Or are users of DNN 2.1.2 using the Access dataprovider hosed on the upgrade to 3.1?  Thanks for any help. It seems there isn't a way to "upgrade" from an Access 2.1.2 database into the 3.1 SQL database.  That being said....  Anyone know of a way to port the old Access database into some ...

Error accessing site after upgrade from 3.1.0 to 3.1.1
Hi,I received this error after FTPing 3.1.1 files to server and then accessing the site for the first time...Any assistance would be appreciated.**************Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately. Parser Error Message: The check of the signature failed for assembly 'FreeTextBox'. Source Error: Line 256:                <add assembly="System.Ent...

How to upgrade 3.1 ro 3.1.1?
Hello,I have read some instructions for upgrade and got confused about file copying part. I can modify my web.config etc files but I'm not sure what do I with installation package (.zip) file.Do I extract and overwrite everything on existing install? Or I place .ZIP file under root? Or what do I do? you extract and overwrite (this is why it's important to keep your web.config safe, as you'll need to rename the release.config in the new zip as web.config, and then cut-and-paste the key values [machinevalidationkey, machineencryptionkey and connectionstrin] into the renamed release.config fr...

Upgrade order from 3.1 to 3.1.1
Just a Sanity check: 1) Upgrade the Admin console first (assuming Admin and IDP are on separate boxes) 2) Upgrade IDP next 3) Upgrade LAG next Don't use any new features until everything is upgraded? -- kjhurni ------------------------------------------------------------------------ kjhurni wrote: > > Just a Sanity check: > > 1) Upgrade the Admin console first (assuming Admin and IDP are on > separate boxes) > 2) Upgrade IDP next > 3) Upgrade LAG next > > Don't use any new features until everything is upgraded? co...

How to upgrade from 3.1 to 3.1.1 on webhost4life?
Sorry, a newbie here...I am hosting over at webhost4life.com and they installed DNN 3.1 version when I signed up for their service. I would like to upgrade to 3.1.1 and I am wondering if anyone can give me exact details how to do this. I know someone said unzip the code, does that mean I upload just the zip file, and then it will unzip itself, or do I need to unzip on my computer, and then overwrite on the server? Thanks, and as detailed as possible for this newbie.Much appreciated!!www.vacationvillascostarica.com SurfBarney, I have the same issue at WH4L. The guys there can do it for you ...

Upgrading from 3.1.0 to 3.1.1
I just read through the very nicely done documentation for 3.1.1 and am unsure how to proceed with my upgrade from 3.1.0.(It is a clean install of 3.1.0 with no modules installed)Should I treat my 3.1.0 installation the same as a 3.0.13 installation and follow the instructions on page 8?----------------------------------------------------- In order to successfully upgrade you must follow the procedure outlined below             1.  Make a back-up copy of your existing web.config file (web.backup.resources).  We cannot emphasi...

Upgrade 3.1.0 to 3.1.1
Does anybody have a procedure that outlines the upgrade from 3.1.0 to 3.1.1.I would think it would be pretty minor, but I like it to go a smooth as possible.Thanks! a few steps:* modify your old web.config so that "autoupgrade" = false (this will make sure that no other visitor can accidentily cause the upgrade procedure to start while you are still uploading)* copy old web.config to web.backup.resources* in the install package of 3.1.1. rename release.config to web.config* from the old web.config copy the keys SiteSQLServer, MachineValidationKey, MachineDecryptionKey to your new web.confi...

kerberos not working after upgrade frm 3.1.1 to 3.1.3
Dear All, my kerberos stop working after upgradde to 3.1.1, however i still see catalina.out started with "Commit Succeed" NAM keep prompt me for login like following: http://i9.photobucket.com/albums/a69/kkyen/WindowsXPProfessional-2011-09-26-02-11-40.png Any idea?? Thx -- kkyen ------------------------------------------------------------------------ I actually have a SR open for this.... I did a packet trace from the client and was getting KRB Error: KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN from the iDP even though commit was also successfull and the SPN is correc...

Infinite redirect loop after upgrade from DotNetNuke 3.1.1 to 3.2.1
After upgrading from DotNetNuke 3.1.1 to 3.2.1, I cannot access any of the DNN sites. Each access never completes. I checked all my aliases. They seem fine. I access my site via http://localhost/site or http://machinename/site and it fails. Of course, it all works under 3.1.1 (and prior versions). Anyone else experience this problem? Know of a fix? ...

upgrade problems from 3.1.1 to 3.2.2
I just unzipped to the dir and ran the web page.  Are there any web.config setting i need to change?  It went throught the update process and said successful but then I go to the page I just get : An error has occurred.An error has occurred.   and the url looks like this http://localhost/LNL/Default.aspx?tabid=36&error=Object+reference+not+set+to+an+instance+of+an+object.&content=0 www.jiltedcitizen.comwww.livegreenforum.com Did you do anything with the web.config in your directory? Save it as a backup and rename the releas.config file as the docum...

Web resources about - Trying to upgrade 3.1.1-217 to 3.1.2 - novell.support.access-manager

Windows Anytime Upgrade - Wikipedia, the free encyclopedia
Windows Anytime Upgrade (WAU) was an upgrade method offered by Microsoft and selected licensed resellers to users who intended to upgrade their ...


President Obama's Facebook Page Upgrades To Timeline
Yes, we can upgrade to timeline. U.S. President Barack Obama's Facebook page has the new layout.

Update on Android Ice Cream Sandwich upgrades
HTC has been working hard to get its Ice Cream Sandwich upgrades ready, and we’re excited to announce that our first round of ICS upgrades will ...

Four Reasons to Upgrade to the New Share Dialog for iOS
... as friend tagging and privacy controls. 2. A faster and more native sharing experience Pinterest and popular iOS game 4 Pics 1 Word upgraded ...

More Streams: Facebook to Upgrade App Directory, App About Pages Soon
Over 50,000 applications have been added to the Facebook application directory since it first launched two years ago, and Facebook says it’s ...

Search Twitter - upgrade
... here Search Refresh Laura Tobin @ Lauratobin1 2m The only way to get through today is chocolate, I'm going to start small with baby & upgrade ...

Brain Upgrade - Improve Concentration and Relieve Stress! on the App Store on iTunes
Get Brain Upgrade - Improve Concentration and Relieve Stress! on the App Store. See screenshots and ratings, and read customer reviews.

upgrade - Flickr - Photo Sharing!
... Flickr. We noticed that you may be using an unsupported browser. All the basics will still work, but to get the most out of Flickr please upgrade ...

ModBook Upgrade by TechRestore - YouTube
http://www.techrestore.com/ - TechRestore Video - Here is the world's first Modbook upgrade video - TechRestore stop-motion style, of course! ...

Resources last updated: 1/2/2016 12:16:30 AM