Log archive server fails to upgrade (NETIQKB73429)

  • 7773429
  • 03-Apr-2012
  • 04-Apr-2012

Environment

Securty manager 6.5.4

Log Archive server

Sentinel

Situation

Log archive server will not upgrade


Any 6.5.x Log Archive Server will not upgrade to 6.5.4.


Log Archive service will not start

2012-03-21 01:27:10,452 [DataStoreServer] ERROR NetIQ.NERDS.Server.DataStoreService: DataStoreServerThread: caught unhandled exception
System.ServiceModel.CommunicationException: The tracking (workstation) service is not running. This often indicates that a service that HTTP.SYS depends upon (such as httpfilter) is not started. ---> System.Net.HttpListenerException: The tracking (workstation) service is not running

Resolution

There are two scenarios that must be addressed to complete a successful upgrade. (LAS service start)

Upgrade the LAS box in a non-Sentinel environment where the httpfilter service must stay disabled.

1. Put in a changed control request to temporarily start the httpfilter service.
2. Start the httpfilter service.
3. Upgrade the Log Archival Server.
4. Once the LAS has been upgraded you can modify the configuration file nqLogArchiveServer.exe.config in \Program Files\NetIQ Security Manager\NetIQ Log Archive. Go to the end of NqLogArchiveServer.exe.config and edit   <RESTServerConfiguration enabled="true" port="8443" certStoreName="NetIQ Security Manager" certSubjectDN="CN=NetIQ Security Manager Server" />          set the enable to false.
5. Save and close
6. Stop the log archive service
7. Stop and disable the httpfilter service.
8. Start the log archive service.

Upgrade the LAS box in a LAS/Sentinel environment

The httpfilter service must be running during the upgrade and during normal operation so simply start the service and set it to automatic.

Cause

One of the requirements for using Sentinel with Security manager is that the httpfilter service must be running on the LAS box. If that service is not running the upgrade to 6.5.4 will fail.

There are some Microsoft security updates that will disable the httpfilter service which could also cause the log archive service to not start.  The same instructions can be used for that snenario.

There may also be a GPO in place that has the httpfiler service disabled.

Additional Information

Formerly known as NETIQKB73429