Howto upgrade Admin Console OS from SLES 11 to SLES 12 (including if IDP running on same host)

  • 7018448
  • 05-Jan-2017
  • 05-Jan-2017


NetIQ Access Manager 4.2
NetIQ Access Manager 4.1
NetIQ Access Manager 4.3


Access Manager setup working well where all NAM components were running on SLES 11 OS. Administrator wanted to upgrade the OS to SLES 12 with minimal impact to NAM and wanted to find out best approach. The setup had the following details:

// Existing setup

server 1 - - SLES 11 - primary admin console/idp
server 2 - - SLES 11 - secondary admin console/idp
2 other MAG servers running as appliances

// Want to change to this new config

server 3 - - SLES 12 - primary admin console/idp
server 4 - - SLES 12 - secondary admin console/idp


There are multiple ways to go for upgrading OS and moving to a new machine. Here is one recommended approach that was tested and verified by QA and multiple customers:

 1.      1.  Take a backup of the server1 (primary admin console) and move the backup to a different location.

2.       2. Bring down the server1. At this point entire access manager should be still working using the secondary admin console and one IDP which are running in server 2.

3.       3. Configure the server3 with the same IP address and DNS name of server 1.

4.       4. Install the same version of access manager in server 3.

5.       5. Restore the backed up primary admin console configuration in server 3. Now the server 3 should automatically become the primary admin console and it should communicate with the server 2 (secondary admin console).

6.       6. From the admin console, remove the IDP corresponding to server 1 IP address from the cluster and delete that node

7.       7. Install the IDP in server 3 and add the node to the cluster. This IDP should become functional now.

8.       8. Remove the IDP corresponding to server 2 from the cluster and then delete the node. At this point, you will have primary admin console, secondary admin console and one IDP which are functional.

9.       9. Remove the secondary admin console from the primary admin console.

10   10. Bring down the server 2.

11  11. Install the same version of access manager as secondary admin console in server 2 pointing to the primary admin console.

12  12. Once the secondary admin console is up, install IDP also on this server and add the node to the IDP cluster.