The Ether: Migrating RSA Authentication Manager from 5.2 to 6.1 with different hardware/hostname/IP address

Migrating RSA Authentication Manager from 5.2 to 6.1 with different hardware/hostname/IP address

Issue

The RSA database is encrypted with the license record and the Primary Authentication Manager hostname and IP address are embedded in the database.

Resolution

On the existing 5.2 Authentication Manager export the databases from a command prompt:

net stop sdradiusd 
net stop acesrvc 
net stop logmaintsvc   
net stop sdadmind 
net stop sdcommd 
net stop syncsrvc0
net stop jsed
net start brksrv

C:
CD \ace\prog
sddumpsrv
sddumplog

net start brksrv 
net start jsed
net start syncsrvc0
net start sdcommd 
net start sdadmind 
net start logmaintsvc 
net start acesrvc 
net start sdradiusd

Copy the following files to the new server in "C:\Program Files\RSA Security\Authentication Manager\legacy":

- C:\ace\prog\sdserv.dmp
- C:\ace\prog\sdlog.dmp
- C:\ace\data\license.rec

On the new server:

- Install a fresh copy of Authentication Manager 6.1

Stop Services
- Select Start | All Programs | RSA Authentication Manager Control Panel
- Select Start & Stop RSA Auth Mgr Services
- Click Stop All
- Click OK

Import Data
- Select Start | All Programs | RSA Security | RSA Authentication Database Tools | Load
- Check Server Database
- Enter C:\Program Files\RSA Security\RSA Authentication Manager\legacy\sdserv.dmp
- Check Server dump file has a different license record
- Check Merge records from server dump file
- Click OK
- Click Close

Import Logs
- Run C:\Program Files\RSA Security\RSA Authentication Manager\prog\sdnewdb.exe
- Check Log Database
- Click OK
- Click Yes
- Click OK
- Select Start | All Programs | RSA Security | RSA Authentication Database Tools | Load
- Check Log Database
- Enter C:\Program Files\RSA Security\RSA Authentication Manager\legacy\sdlog.dmp
- Click OK
- Click Close

Start Services
- Select Start | All Programs | RSA Security | RSA Authentication Manager Control Panel
- Select Start & Stop RSA Auth Mgr Services
- Click Stop All

Update sdconf.rec on Agents
- Select Start | All Programs | RSA Security | RSA Authentication Manager Host Mode
- Select Agent Host | Generate Configuration Files
- Click OK to generate a configuration file for All Agent Hosts
- Click Yes
- Copy the sdconf.rec file from C:\Program Files\RSA Security\RSA Authentication Manager\data\config_files to all Agents

References

To create a clean database on the Authentication Manager with an administrator and a replica defined:

- Select Start | All Programs | RSA Authentication Manager Control Panel
- Select Start & Stop RSA Auth Mgr Services
- Click Stop All
- Click OK
- Run C:\Program Files\RSA Security\RSA Authentication Manager\prog\sdnewdb.exe
- Check Log and Server databases to remove all data
- Run "C:\Program Files\RSA Security\RSA Authentication Manager\prog\sdrepmgmt add"
- Enter the hostname for "Enter system to add to replica table:"
- Accept the defaults for the remaining prompts
- Run "C:\Program Files\RSA Security\RSA Authentication Manager\prog\sdcreadm Administrator"
- Select Start | All Programs | RSA Security | RSA Authentication Manager Control Panel
- Select Start & Stop RSA Auth Mgr Services
- Click Stop All

To rename or change the IP address of the Primary Server:

Stop Services
- Select Start | All Programs | RSA Authentication Manager Control Panel
- Select Start & Stop RSA Auth Mgr Services
- Click Stop All
- Click OK
- Click Edit
- Uncheck Automatically start services on system startup
- Click OK

Update Replica
- Select Start | All Programs | RSA Security | RSA Authentication Manager | RSA Authentication Manager Configuration Tools | RSA Authentication Manager Replica Management
- Highlight the Primary Server
- Click Details
- Change the Name and or the IP addresses of the Primary ACE/Server configuration
- Click OK to the notice that you have changed the Name and now must change the system name

Update Server
- Change the name or IP address on the Primary Server Operating system, and reboot the machine
- Select Start | All Programs | RSA Security | RSA Authentication Manager | RSA Authentication Manager Configuration Tools | RSA Authentication Manager Replica Management
- Click OK to the "The name and/or IP address of this Primary RSA ACE/Server has changed successfully" dialogue

Start Services
- Select Start | All Programs | RSA Authentication Manager Control Panel
- Select Start & Stop RSA Auth Mgr Services
- Click Start All
- Click OK
- Click Edit
- Check Automatically start services on system startup
- Click OK

Other Updates
- If you have replicas and If Push DB is enabled on the Primary, copy only the ACEDATA\replica_package\license directory to all Replicas.
- If Push DB is disabled on the Primary, copy and replace the replica's ace\data\sdserv.(db, bi, vrs, lg) files with the files from the ACEDATA\replica_package\database\sdserv.* and the license files as above
- New sdconf.rec files must be generated for all agent hosts and delivered to the agent hosts, replacing the existing file

Products

RSA SecurID Authentication Manager 6.1
RSA SecurID Authentication Manager 5.2

Created: 30th January 2008
Updated: 30th January 2008