Are there rollback instructions for the VigilEnt Security Agent for iSeries product upgrade? (NETIQKB46206)

  • Document ID:7746206
  • Creation Date:02-Feb-2007
  • Modified Date:08-Oct-2007
    • Micro Focus Products:
      Security Solutions for iSeries

Resolution

goal
Are there rollback instructions for the VigilEnt Security Agent for iSeries product upgrade?

goal
Can I restore versions 5.4/7.0 or 7.5 after upgrading?

goal
Are there steps I can take to ensure I could recover from a failed upgrade?

goal
How do I roll back the v7.5 installation for the VigilEnt Security for iSeries to the previous version?

goal
Are there rollback instructions for the NetIQ Security Solutions for iSeries product upgrade?

goal
How do I roll back the v8.0 installation for the NetIQ Security Solutions for iSeries to the previous version?

fact
VigilEnt Security Agent for iSeries 7.5

fact
NetIQ Security Solutions for iSeries 8.0

fix

The following instructions guide you through backing up NetIQ product licensed programs. You can then restore those backups if an upgrade fails. For information about restoring programs after a failed upgrade, see the next section in this KB article.

Before you upgrade to Version 7.5 or 8.0, perform the following steps:

  1. When using RRM, from PSMENU, select options 2, 3, 20, 5, and 8 to run the exit point settings report.
  2. Ensure all Z* subsystems used by the iSeries product are ended. These subsystems include:
    • Vulnerability Manager (VM) iSeries agent
    • System Access Analysis (SAA) monitor
    • Inactive Session Monitor (ISM) monitor
    • Remote Request Management (RRM) collection monitor
    • PSDetect monitor
    • Data Auditing and Reporting (DAR)
    • System Auditing and Reporting (SAR) - SQL/QRY Command monitor

    To end the iSeries subsystems:

    1. On the iSeries, go to a command line.
    2. Type the following commands and press Enter after each:
      ENDSBS ZPSE *IMMED
      ENDSBS ZALOG *IMMED
      ENDSBS ZASBS *IMMED
      ENDSBS ZPSSMON *IMMED
      ENDSBS ZPSD *IMMED
      ENDSBS ZDDSBS *IMMED
      ENDSBS ZPSAMON *IMMED
  3. Verify there are no locks on any of the PS* libraries.
    1. On the iSeries, go to a command line.
    2. Type the following commands and press Enter after each:
      WRKOBJLCK PSAUDIT *LIB
      WRKOBJLCK PSCOMMON *LIB
      WRKOBJLCK PSDETECT *LIB
      WRKOBJLCK PSSECURE *LIB
      WRKOBJLCK PSINSTALL *LIB
  4. Remove exit program NW0001E from all exit points.
    1. To access the Work with exit points screen, from PSMENU select options 2, 3, and 8.
    2. Select exit point DDMACC with option 4 (=Remove), press F13 (=Repeat), and press Enter.
    3. Ensure all exit points are selected for the Rmv Exit program now and press Enter.
  5. Cycle the servers. From PSMENU, select options 2, 3, 30, and 3. Please note that this might impact any users on the system, and will end connections for mapped drives, ODBC connections, or other active file transfer jobs.
  6. Save product licensed programs to tape.
    1. On the iSeries, go to a command line.
    2. Type the following commands and press Enter after each, replacing TAP05 with the tape drive you are using. You can also use a savefile.
      SAVLICPGM LICPGM(1PSI001) DEV(TAP05)
      SAVLICPGM LICPGM(1PSC001) DEV(TAP05)
      SAVLICPGM LICPGM(1PSA001) DEV(TAP05)
      SAVLICPGM LICPGM(1PSS001) DEV(TAP05)
      SAVLICPGM LICPGM(1PSD001) DEV(TAP05)
      SAVLICPGM LICPGM(1PSP001) DEV(TAP05)
      SAVLICPGM LICPGM(1PSV001) DEV(TAP05)
  7. Start the upgrade. Follow the instructions in the Installation Guide for how to upgrade your version to v7.5 or v8.0.


fix

If you did not do the preparation steps and you have experienced an upgrade failure, please contact NetIQ Technical Support.

If you did perform the preparation steps, and your upgrade fails, complete the following steps to restore the product licensed programs from tape and finalize the product installation.

  1. On an iSeries command line, type PSINSTALL/PSUNINST and press Enter to uninstall the product.
  2. Type DLTLICPGM LICPGM(1PSI001) to delete the product licensed program.
  3. Restore the product licensed programs from tape by entering the following commands and pressing Enter after each, replacing TAP05 with the tape drive you are using:
    RSTLICPGM LICPGM(1PSI001) DEV(TAP05)
    RSTLICPGM LICPGM(1PSC001) DEV(TAP05)
    RSTLICPGM LICPGM(1PSA001) DEV(TAP05)
    RSTLICPGM LICPGM(1PSS001) DEV(TAP05)
    RSTLICPGM LICPGM(1PSD001) DEV(TAP05)
    RSTLICPGM LICPGM(1PSP001) DEV(TAP05)
    RSTLICPGM LICPGM(1PSV001) DEV(TAP05)

    You can also use a save file when restoring the programs.

  4. Type the following commands to prepare PSSecure/RRM for use and press Enter after each:
    ADDLIBLE PSCOMMON
    CALL NW0099E
    CALL NW0089C
  5. If you had the exit program on the exit points previously, add the NW0001E exit program to all exit points.
    1. To access the Work with Exit Points screen, from PSMENU select options 2, 3, and 8.
    2. Select exit point DDMACC with option 1 (=install), press F13 (=Repeat), and press Enter.
    3. Ensure all exit points are selected for Install Exit now and press Enter.
  6. Recreate the IFS paths /reportlet/ and /pentasafe/, assign ownership to user PSOBJOWN, and grant *RX data authority to public.
    1. On the iSeries, go to a command line.
    2. Type the following commands and press Enter after each:
      CRTDIR DIR('/pentasafe') DTAAUT(*INDIR)
      CHGOWN OBJ('/pentasafe') NEWOWN(PSOBJOWN)
      CRTDIR DIR('/pentasafe/vsa')
      CHGOWN OBJ('/pentasafe/vsa') NEWOWN(PSOBJOWN)
  7. Reset all exit points settings for the product. Use the earlier run exit point settings report for specifics on the exit point settings. Please note that you will have to reinstall the exit program on the exit points.
  8. Recreate journals PSJRN01 and PSJRN02 in library PSCOMMON, and journal DDJRN in library PSAUDIT, by typing the following commands and pressing Enter after each:
    CRTJRNRCV JRNRCV(PSCOMMON/PSJ0100001)
    CRTJRNRCV JRNRCV(PSCOMMON/PSJ0200001)
    CRTJRN JRN(PSCOMMON/PSJRN01) JRNRCV(PSCOMMON/PSJ0100001) MNGRCV(*SYSTEM)
    CRTJRN JRN(PSCOMMON/PSJRN02) JRNRCV(PSCOMMON/PSJ0200001) MNGRCV(*SYSTEM)
    CHGOBJOWN OBJ(PSCOMMON/PSJRN01) OBJTYPE(*JRN) NEWOWN(PSOBJOWN)
    CHGOBJOWN OBJ(PSCOMMON/PSJRN02) OBJTYPE(*JRN) NEWOWN(PSOBJOWN)
    CHGOBJOWN OBJ(PSCOMMON/PSJ0100001) OBJTYPE(*JRNRCV) NEWOWN(PSOBJOWN)
    CHGOBJOWN OBJ(PSCOMMON/PSJ0200001) OBJTYPE(*JRNRCV) NEWOWN(PSOBJOWN)
  9. Verify that libraries PSAUDIT, PSCOMMON, PSSECURE and PSDETECT are secured by their respective authorization lists and at least have *PUBLIC *USE authority on them. To verify this, type the following commands and press Enter after each:
    DSPOBJAUT OBJ(QSYS/PSAUDIT) OBJTYPE(*LIB)
    DSPOBJAUT OBJ(QSYS/PSCOMMON) OBJTYPE(*LIB)
    DSPOBJAUT OBJ(QSYS/PSSECURE) OBJTYPE(*LIB)
    DSPOBJAUT OBJ(QSYS/PSDETECT) OBJTYPE(*LIB)

    10. If the authority is not set correctly, please contact NetIQ Technical Support for further assistance.



Additional Information

Formerly known as NETIQKB46206