Migration and Upgrade to Reflection for Secure IT Windows Server 7.1 or Higher

  • 7022013
  • 01-Feb-2008
  • 02-Mar-2018

Environment

Reflection for Secure IT Windows Server version 7.1 or higher

Situation

This technical note describes how to migrate to Reflection for Secure IT Windows Server version 7.1 or higher from Reflection for Secure IT Windows Server 7.0, 6.x, or F-Secure SSH Server for Windows.

Resolution

Upgrading to Reflection for Secure IT version 7.1 or Higher from 7.0

If you are upgrading an existing installation of Reflection for Secure IT version 7.0, note the following:

  • If the server is running when you apply the upgrade, the installer stops the service and any existing client connections are disconnected.
  • We recommend that you back up your server configuration file before upgrading. The backup will be useful if you want to revert to an earlier version at some point in the future. The configuration file is located in the following folder:

Windows Server 2008: C:\ProgramData\Attachmate\RSecureServer\

Windows Server 2003: C:\Documents and Settings\All Users\Application Data\Attachmate\RSecureServer\

  • After applying the upgrade, you need to restart Windows to complete the installation.
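One way to take the recommended backup and later check it against the live folder, as an added example that is not part of the original note or an Attachmate script. The `C:\Backup` destination and the `-VerifyAgainst` parameter are assumptions; the folder paths are the ones listed above.

```powershell
# Added example. Run without arguments before upgrading; run again afterwards with
# -VerifyAgainst <backup folder> to see which files differ from the backup.
param([string]$VerifyAgainst)

$candidates = @(
    'C:\ProgramData\Attachmate\RSecureServer',                                       # Windows Server 2008
    'C:\Documents and Settings\All Users\Application Data\Attachmate\RSecureServer'  # Windows Server 2003
)
$source = $candidates | Where-Object { Test-Path $_ } | Select-Object -First 1
if (-not $source) { throw 'RSecureServer data folder not found.' }

# SHA-256 through .NET, so the script does not depend on Get-FileHash.
function Get-Sha256Hex([string]$Path) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { return ([System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '') }
    finally { $stream.Close() }
}

# Map of relative path -> hash for every file under $Root; locked files are marked unreadable.
function Get-FolderHashes([string]$Root) {
    $Root = (Resolve-Path $Root).Path.TrimEnd('\')
    $hashes = @{}
    Get-ChildItem -Path $Root -Recurse | Where-Object { -not $_.PSIsContainer } | ForEach-Object {
        $rel = $_.FullName.Substring($Root.Length + 1)
        try { $hashes[$rel] = Get-Sha256Hex $_.FullName } catch { $hashes[$rel] = 'unreadable' }
    }
    return $hashes
}

if (-not $VerifyAgainst) {
    $backupRoot = 'C:\Backup'   # assumed backup location
    New-Item -ItemType Directory -Path $backupRoot -Force | Out-Null
    $dest = Join-Path $backupRoot ('RSecureServer-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))
    Copy-Item -Path $source -Destination $dest -Recurse -ErrorAction Stop   # fail rather than keep a partial copy
    "Backup written to $dest"
} else {
    $before = Get-FolderHashes $VerifyAgainst
    $after  = Get-FolderHashes $source
    foreach ($name in ($before.Keys | Sort-Object)) {
        if (-not $after.ContainsKey($name)) { $state = 'missing' }
        elseif ($after[$name] -eq 'unreadable') { $state = 'unreadable' }
        elseif ($after[$name] -eq $before[$name]) { $state = 'unchanged' }
        else { $state = 'changed' }
        "{0,-10} {1}" -f $state, $name
    }
}
```

The backup contains everything in the folder, including the private host key and any password cache files with their key files, so store it where only administrators can read it.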

Automatic Migration of Reflection for Secure IT 6.x and F-Secure Settings

When you install Reflection for Secure IT Windows Server 7.1 or higher on systems with Reflection for Secure IT version 6.x or an F-Secure server, Reflection for Secure IT automatically migrates your current identity (host key and certificates) and settings.

Note: You can have both products (a 6.x version and a 7.x or higher version) installed on the same system at the same time, and both can be running if each product listens on a unique port. See Migration Example for Testing below.

The migration occurs the first time you:

  • Start the Attachmate Reflection for Secure IT Server service. When you restart Windows, the service starts automatically. (Restarting Windows is required to complete the 7.x or higher installation.) This triggers the migration and starts the server using the migrated key and settings. (You can also start the service manually using the rsshd command line or the Windows Computer Management console.)

-or-

  • Start the server console. This triggers the migration of keys and settings without automatically starting the server.

Note: The service cannot start if an earlier version server is still running using the same port.

Key Location

Existing host keys (hostkey and hostkey.pub by default) are copied to the new key location, so you don't need to make any changes to clients that are configured to trust your current host key.

Windows Server 2008: \ProgramData\Attachmate\RSecureServer\

Windows Server 2003: \Documents and Settings\All users\Application Data\Attachmate\RSecureServer\

Configuration File in Version 7.1 or higher

Settings in your earlier version’s sshd2_config file are migrated to the new XML configuration file, named rsshd_config.

Windows Server 2008: \ProgramData\Attachmate\RSecureServer\rsshd_config.xml

Windows Server 2003: \Documents and Settings\All users\Application Data\Attachmate\RSecureServer\rsshd_config.xml

For a summary of which settings are supported and how settings are migrated to the newer XML format, see the "Table of Migrated Settings" topic in the Reflection for Secure IT User Guide, available from https://support.microfocus.com/manuals/rsit_win_server.html.

For information about how to read the XML server settings file, see KB 7022014.

Migration Log File

Migration information is saved to the migration log file when the Reflection for Secure IT version 7.x console is started or when Windows is restarted after installation.

Windows Server 2008: \ProgramData\Attachmate\RSecureServer\Logs\migration.log

Windows Server 2003: \Documents and Settings\All users\Application Data\Attachmate\RSecureServer\Logs\migration.log

Password Cache File

If you used a password cache in 6.x, cached passwords are migrated from rsitdapc to the following files:

In 7.1: RSIT_Cache (contains cached passwords) and RSIT_Cache.bin (contains the key to encrypt and decrypt entries in the password cache.)

In 7.2 or higher: RSITDatabase (contains cached credentials in the database encrypted using AES 256) and RSITDatabase.sec (contains the key required to decrypt the credential cache.)

These files are moved to the following locations:

Windows Server 2008: \ProgramData\Attachmate\RSecureServer\

Windows Server 2003: \Documents and Settings\All users\Application Data\Attachmate\RSecureServer\

Notes about Automatic Migration

  • Automatic migration will not take place if you have already uninstalled your prior version.
  • If you have an existing XML settings file, the server will not migrate the settings from a previous version’s settings file. This enables you to configure a single settings file and install it onto multiple servers.
  • You can manually migrate settings using the rsshd command line utility with the -m option.

Migration Example for Testing

While testing, you can leave your older 6.x product installed and listening on default port 22. When you install the new 7.x or higher product, use port 2222. After testing is complete, shut down the old product and change the port in Reflection for Secure IT version 7.1 or higher to 22. Migration of settings occurs one time, during installation.

Note: Any changes that you make to the old product while testing or running both products at the same time will not be carried forward to the new product.
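Because the service cannot start while an earlier server holds the same port, it helps to see which process owns ports 22 and 2222 before starting the new service or switching it to port 22. The following is an added example, not part of the original note; the function name `Get-TcpListener` is hypothetical and the parser assumes English-language `netstat` output.

```powershell
# Added example: report which process is listening on the ports used in the test setup.
# Assumes English-language netstat output (the state column reads LISTENING).
function Get-TcpListener {
    param([string[]]$NetstatLines, [int[]]$Ports)
    foreach ($line in $NetstatLines) {
        # Matches IPv4 and IPv6 listeners, e.g. "TCP  0.0.0.0:22  0.0.0.0:0  LISTENING  1234"
        if ($line -match '^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$') {
            $address = $Matches[1]; $port = [int]$Matches[2]; $procId = [int]$Matches[3]
            if ($Ports -contains $port) {
                $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
                $name = 'unknown'
                if ($proc) { $name = $proc.ProcessName }
                New-Object PSObject -Property @{
                    Address = $address; Port = $port; ProcessId = $procId; Process = $name
                }
            }
        }
    }
}

# 22: default port of the 6.x server; 2222: test port for the 7.x server, as in this note.
$ports = 22, 2222
$found = @(Get-TcpListener -NetstatLines (netstat -ano) -Ports $ports)

foreach ($p in $ports) {
    $onPort = @($found | Where-Object { $_.Port -eq $p })
    if ($onPort.Count -eq 0) {
        "Port ${p}: free"
    } else {
        $owners = $onPort | ForEach-Object { "$($_.Process) (PID $($_.ProcessId)) on $($_.Address)" }
        "Port ${p}: in use by " + (($owners | Select-Object -Unique) -join '; ')
    }
}
```

Run it from an elevated prompt so process names for services can be resolved. After the old product is shut down, port 22 should show as free before the new server is changed to use it.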

Additional Information

Reflection for Secure IT Documentation is available on the Support site at https://support.microfocus.com/manuals/rsit_win_server.html.

Legacy KB ID

This document was originally published as Attachmate Technical Note 2283.