How do I move the Security Manager databases to a new server? (NETIQKB49512)

  • 7749512
  • 02-Feb-2007
  • 25-Nov-2008

Resolution

goal

How do I move the Security Manager databases to a new server?



goal
How do I move the OnePoint database to a new server?

goal
How do I change the database computer?

goal
How do I transfer the Log Manager databases to a different computer?

fact
Security Manager 5.X

fix

NOTE:  If you are moving the databases to a new SQL server with the same name, please see the notes below under Additional Information.

To move the OnePoint, LogManagerSummary, LogManagerConfiguration, and SecurityManagerCommon (for 5.6) databases to a new database server:

Note: The new SQL database server must be in the same domain as the central computers. The following steps presume you already have a SQL server installed that meets Security Manager requirements. For more information about requirements, see the Installation Guide for Security Manager.

  1. Close all open Security Manager user interfaces including Alert Sentry and stop the NetIQ Security Manager (OnePoint for 5.0) and NetIQ Security Manager Core (for 5.6) service on all central computers.
  2. Detach OnePoint, LogManagerSummary, LogManagerConfiguration, and SecurityManagerCommon (for 5.6) databases using SQL Enterprise Manager by completing the following steps:

    a. Expand the Microsoft SQL Servers> SQL Server group> old server > Databases.

    b. Right-click the OnePoint database, and then click All Tasks >Detach database.

    c. Repeat Step b to detach the LogManagerSummary, LogManagerConfiguration, and SecurityManagerCommon (for 5.6) databases.

    Note: You can also use SQL Query Analyzer and run the sp_detach stored procedure to do this task.
  3. Move or copy the data (*.mdf ) and transaction log (*.ldf ) files for these databases to the new SQL server in the same drive and folder. (Note: This doesn't have to be the same path, but makes attaching the databases easier)
  4. Attach the OnePoint, LogManagerSummary, LogManagerConfiguration, and SecurityManagerCommon (for 5.6) databases using SQL Enterprise Manager on the new server by completing the following steps:

    a. Expand the Microsoft SQL Servers> SQL Server group> new server  folders.

    b. Right click Databases, and then click All Tasks > Attach database. Make sure to enter the correct path to the data (EeaData.mdf ) and transaction log (EeaLog.ldf ) files and choose the service account as the owner of the database.  If the service account doesn't show up in the drop down list, you will need to add the account under the Security | Logins page.

    c. Repeat Step b to attach the LogManagerSummary, LogManagerConfiguration, and SecurityManagerCommon (for 5.6) databases.

    Note: You can also use SQL Query Analyzer and run sp_attach stored procedure to do this task.

    Note:  The following steps should be completed in one continuous process and in order. There should not be any delays in executing the steps. Proper preparations should be made ahead of time to have all account, passwords, data paths and software available.
  5. Update the Configuration and Component tables in the OnePoint database on the new SQL server by completing the following steps:
     
    a. Open SQL Enterprise Manager, and then expand the Microsoft SQL Servers > SQL Server group> new server  > Databases >  OnePoint >  Tables.

    b. Right click the Configuration table, and click Op.
    en table > Return all rows
    .

    c. Edit the DataValue column entry where the DataName column = AlertURLBase with the new SQL Server name. For example:

    old server=HTSSM1 and old value is: PropertySheet.asp?database=HTSSM1&target=%1&t=alert
    new server=HOUSM5, change to the following: PropertySheet.asp?database=HOUSM5&target=%1&t=alert

    d. Edit the DataValue column entry where the DataName column = EventURLBase with new SQL Server name. For example:

    old server=HTSSM1 and old value is: PropertySheet.asp?database=HTSSM1&target=%1&t=event
    new server=HOUSM5, change to the following: PropertySheet.asp?database=HOUSM5&target=%1&t=event

    e. Close the Configuration table.

    f. Right click the Component table, and click Open table > Return all rows.

    g. Edit the Version column entry where Name = Database Version for the version of Security Manager you have installed:

    for 5.0 - from 5.00.0.132 to 5.00.0.131
    for 5.1 - from 5.10.0.80 to 5.10.0.79
    for 5.5 - from 5.50.0.158 to 5.50.0.157
    for 5.6 - from 5.60.0.231 to 5.60.0.230


    h. Close the Component table and open the Configuration and Component tables again to make sure these changes were saved.
  6. Update the following registry entries on the all central computers. You can update the registry using the Registry Editor. Please see the warning at the end of this article about editing the registry.

    For 5.1, 5.5, and 5.6:

    HKLM|Software|NetIQ|Security Manager|DASServer|DataSource = New database server name
    HKLM|Software|NetIQ|Security Manager|Configurations|Default|MCSApplications|Operations GUI|Databases|Default = New database server name

    In the same place, if it exists, rename the old server name string value in the right pane to ?New database server name? and change its data value to ?New database server name?

    HKLM|Software|NetIQ|Security Manager|Configurations|<Configuration Group name >|Operations|Databases = New database server name
    HKLM|Software|NetIQ|Security Manager|Databases - rename the 'Old database server name' key to 'New database server name'
    HKLM|Software|ODBC|ODBC.INI|LAVAE|Server = 'New database server name'.  (This entry will only exist on your Trend Analysis Central Computer)
    HKLM|Software|ODBC|ODBC.INI|vimsla|Server = 'New database server name'


    For 5.0:

    HKLM|Software|Mission Critical Software|OnePoint|DASServer|DataSource = New database server name
    HKLM|Software|Mission Critical Software|OnePoint|Configurations|Default|MCSApplications|Operations GUI|Databases|Default = New database server name

    In the same place, if it exists, rename the old server name string value in the right pane to ?New database server name? and change its data value to 'New database server name'

    HKLM|Software|Mission Critical Software|OnePoint|Configurations|<Configuration Group name>|Operations|Databases = New database server name
    HKLM|Software|Mission Critical Software|OnePoint|Databases - rename the ?Old database server name? key to 'New database server name'
    HKLM|Software|ODBC|ODBC.INI|LAVAE|Server = 'New database server name'.  (This entry will only exist on your Trend Analysis Central Computer
    HKLM|Software|ODBC|ODBC.INI|vimsla|Server = 'New database server name'
  7. Run the setup program on.
    the primary central computer, and then on any secondary central computers. Make sure to install all hotfixes and service packs that were installed ignoring any errors after each update is applied. The setup program needs to run in order to create the SQL OnePoint jobs, users, and  groups on the new SQL server as well as update additional configuration information on each central computer.

    Notes:
    • Make sure the installing user has the necessary rights to install:

      For 5.5 and 5.6 - Make sure that the installing user has the 'system administrators' role on the new SQL server.
      For 5.0 and 5.1 - Make sure the Security Manager service account has been granted the ?system administrators? server role on the new SQL server or the install will fail.  This can be done by either explicitly adding the service account as a SQL login and granting the system administrators server role, or adding the service account to the local administrators group on the SQL server which by default would be granted the system administrator rights needed.  If the builtin\administrators login was removed or changed in Enterprise Manager, then the first method will need to be used
    • We recommend creating Global groups in advance and mapping these Global groups to the local OnePointOp groups during the installation:

      For 5.5 and 5.6 - Login with a user that has the 'system administrators' right on the database server and run the setup program, selecting next on each screen.  Make sure to fill in the service account and configuration group passwords.  When the setup is finished run the 'Access Configuration' utility to repair the permissions on the new SQL server for any groups/users that are members of the local OnePointOp groups on the central computer.  This only needs to be done on the primary central computer.  There is no need to run the 'Module Installer'.
      For 5.0 and 5.1 - Login with the Security Manager Service account on the Central Computer and run the setup program, selecting next on each screen.  During the setup, reconfigure the domain groups in the ?Role Access Type? window, and add the Global Groups to the OnePointOp local groups
  8. For 5.6 - After the setup is completed on each central computer, verify that the NetIQ Security Manager and NetIQ Security Manager Core services start on all central computers.  If the NetIQ Security Manager Core service has been disabled by the OS due to the service being deleted, restart the server and then login with a user that has the 'system administrators' right on the database server and re-run the setup program selecting next on each screen.  Make sure to fill in the service account and configuration group passwords.  This will re-install the NetIQ Security Manager Core service which couldn't be installed before due to some open files.
    For 5.0, 5.1, and 5.5 - After the setup is completed on each central computer, verify that the NetIQ Security Manager (OnePoint on 5.0)  service starts on all central computers.
  9. Open the Monitor Console and verify whether agents can reconnect with the central computers.
  10. For 5.0, 5.1, and 5.5, if the Incident Management Console is installed on the central computer, update the Incident Management Console and Alert Sentry on the central computer:

    a. Launch the Incident Management Console on the central computer.

    b. On the Tools menu, click Manage Databases and remove the old database entry if it exists.

    c. Launch the Incident Management Console again to make sure that it can connect to the new database server.

    d. Right-click the Alert Sentry icon in the taskbar and click >Refresh Databases.
  11. Make the following changes on all User Interface only computers:

    a. Update following registry entry:

    For 5.0
    - HKLM|Software|Mission Critical Software|OnePoint|Configurations|Default|MCSApplications|Operations GUI|Databases|Default = New database server name
    For 5.1, 5.5, and 5.6 - HKLM|Software|NetIQ|Security Manager|Configurations|Default|MCSApplications|Operations GUI|Databases|Default = New database server name

    b. Perform the following steps:

    For 5.5 and 5.6
      - Rerun the setup program and choose the defaults.  This will upgrade the user interface only components.  Clean up the old database key from the registry by removing HKLM | Software | NetIQ | Security Manager | Databases | <old database name>
    For 5.0 and 5.1 - Rerun the setup program and choose the user interface only installation. After the setup is completed, repeat Step 9 on the user interfaces only computer.
.


fix

To move the log databases to a new log database server:

  1. Close all open Security Manager user interfaces including Alert Sentry and stop the NetIQ Security Manager (OnePoint for 5.0) and NetIQ Security Manager Core (for 5.6) service on all central computers.
  2. Run the following SQL query using Microsoft SQL Server Query Analyzer to update the map table in the OnePoint database:

    use OnePoint
    update MapTable
    set LogDatabaseServer = '<new SQL server name>'
    where LogDatabaseServer = '<old SQL server name>'
  3. Detach and copy the LM database .mdf and .ldf files from the old log database server to the new log database server. The log database names use the following format:
    LM_YYYYMMDD_001   Where YYYYMMDD is the date in local time on the log database server.
  4. Detach and copy the LogManagerSummary .mdf and .ldf files from the old log database server to the new log database server.

    Note:  If you are moving the log databases to the OnePoint database server, then there is no need to copy the LogManagerSummary database files.
  5. Attach the log databases on the new log database server.
  6. Launch the Configuration Wizard. For more information about launching the Configuration Wizard, see the Help.
  7. Open the Configuration Wizard for Log Manager as follows:
  8. For 5.0 and 5.1: In the left pane, click Log Manager, and then in the right pane, click Configure Log Manager and then click Next twice.
    For 5.5 and 5.6: In the left pane, click Log Manager, and then in the right pane, click Configure Log Manager for Windows and then click Next twice.
  9. Click the central computer that is using the old log database server.
  10. Click  Specify Database, and then click OK or Yes to the warning message about losing data.
  11. Specify the new log database server and choose the appropriate path (either the SQL default path, or a specified path) and click  OK.
  12. If you have Security Manager 5.5 or 5.6 and your logged on account does not have system administrator permission on the OnePoint or new log manager database servers, click Use SQL Authentication and specify a SQL user account with system administrator permissions.
  13. Click Next until you reach the end of the wizard, and then click Finish.
  14. Clear Apply Configuration changes now, and click OK
  15. If Security Manager displays an error message, click OK.
  16. Start the NetIQ Security Manager (OnePoint for 5.0) and NetIQ Security Manager Core (for 5.6) service on the central computer.


note

Note:  If you are moving your databases to a new SQL server with the same name, then you will want to follow the above steps, with the following modifications:

Under "To move the OnePoint, LogManagerSummaryLogManagerConfiguration, and SecurityManagerCommon (for 5.6) databases to a new database server:"

Follow steps 1-4.
In step 5, skip steps b-e.
Skip step 6, 10, and 11.

Under "To move the log databases to a new log database server:"

Skip steps 2 and 6-15.



note
Warning: Using the Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. NetIQ Technical Support cannot guarantee that problems resulting from the incorrect use of Registry Editor can be resolved. Make sure you back up your registry prior to making any changes.

Additional Information

Formerly known as NETIQKB49512

Feedback service temporarily unavailable. For content questions or problems, please contact Support.