Upgrade procedure
Minor version upgrade
Concerns a new release for whenever the 3rd or 4th number increments (Ex: 12.0.0.633).
Use the following procedure for each UserLock server (first Primary then Backup).
Please proceed the following prior steps to facilitate a recovery and avoid any loss of the UserLock settings if something wrong occurs during the upgrade procedure.
Backup
Avoiding a reboot
Before upgrading, check the following points on each UserLock server to avoid a server reboot:
- Close all MMC consoles on the server.
- Close the UserLock administration console.
- If you are using UserLock web applications on the server (web application, IIS MFA, UserLock Anywhere), the related application pools must be stopped during the upgrade process.
- "UserLockAppPool" is related to the web application.
- "UserLockMfaAppPool" is related to IIS MFA.
- "UserLockProxyAppPool" is related to UserLock Anywhere.
To stop these pools, open the "Internet Services Manager" from the Administrative Tools, select "Application Pools," then select the related pools, and click "Stop". After that, do not use these applications until UserLock has been upgraded and these pool have been started again.
Upgrade process
- Install the new version of UserLock without uninstalling the previous one. All components will be automatically updated. After installation, the new version of UserLock will be operational. Don't forget to start the application pool of the UserLock Web console 'UserLockAppPool'.
- Optionally, if a new version of the agent is available and you want to benefit from the new version features, upgrade the agent on all your protected computers either manually or using the 'Automatic mode'. Do the same for IIS, NPS and SSO agents (see this page for agent-specific steps).
Major upgrade
Concerns a new release for whenever the 1st or 2nd number increments (Ex: 12.0.0.633). This type of update requires a valid maintenance contract.
Use the following procedure for each UserLock server (first Primary then Backup).
Note: Once primary is upgraded, upgrade the backup, and after that synchronizations will fully work.
Please proceed the following prior steps to facilitate a recovery and avoid any loss of the UserLock settings if something wrong occurs during the upgrade procedure.
License
Any major upgrade requires a corresponding license level. We suggest you check the license key previously registered in the UserLock server 'Properties'.
Make sure that the license key is the latest one supplied by our Sales Department and that the maintenance has not expired.
Backup
SSO
Start the UserLock SSO service and set it to automatic.
Database
During the UserLock upgrade process, the database structure may also be upgraded (depending on the number of the current version and the one being installed). If your system is an MS SQL Server database, there are some additional requirements depending on the authentication mode implemented:
- Windows authentication: the user account configured for the 'UserLock Service Impersonation' requires modification rights on the database structure (to add fields in existing tables and to create additional tables).
- SQL authentication: the SQL account configured in the UserLock database connection string requires modification rights on the database structure (to add fields in existing tables and create additional tables).
These additional rights are only necessary during the upgrade process. You can downgrade the database rights level to its previous status once the UserLock upgrade has been completed.
Avoiding a reboot
Before upgrading, check the following points on each UserLock server to avoid a server reboot:
- Close all MMC consoles on the server.
- Close the UserLock administration console.
- If you are using UserLock web applications on the server (web application, IIS MFA, UserLock Anywhere), the related application pools must be stopped during the upgrade process.
- "UserLockAppPool" is related to the web application.
- "UserLockMfaAppPool" is related to IIS MFA.
- "UserLockProxyAppPool" is related to UserLock Anywhere.
To stop these pools, open the "Internet Services Manager" from the Administrative Tools, select "Application Pools," then select the related pools, and click "Stop". After that, do not use these applications until UserLock has been upgraded and these pool have been started again.
Upgrade process
The UserLock upgrade must be performed without changing the installation folder.
- Launch the upgrade to UserLock by executing the installation package without uninstalling the previous version. All components will be automatically updated.
- Once the Installation Wizard ends, click on finish. The UserLock 'Configuration Wizard' will open. Click on 'Continue'.
- Select 'Primary Server' as role. Click on 'Select'.
- Select the computer OUs to be included in the 'Protected Zone' for UserLock to monitor. Click on 'Continue'.
- Enter an
account having administrative privileges on this server, the Backup
server and all computers UserLock has to protect. By default, the UserLock
service will run on this server as 'NETWORK SERVICE'. The impersonation
account entered here will be used when UserLock actions require more rights
(agent deployment, remote actions on sessions, etc.).
Please note:
- This account will also be used to upgrade the UserLock database if you are using MS SQL Server with the Windows Authentication mode. It requires modification rights on the database structure (to add fields in existing tables and to create additional tables) at least during the upgrade process.
- No modifications will be made to your Active Directory or its schema.
Click on 'Continue' once this account info has been entered.
- The Wizard will configure the UserLock service. Click on 'Continue' Once the server has been configured, you can choose to continue to configure the different modules that have been installed: MFA for IIS, UserLock Anywhere, the WebApp or launch the UserLock console.
- Check that all settings have been correctly migrated from the previous version, specifically the protected account rules and the server 'Properties' settings.
- If you have a Backup UserLock server, perform as soon as possible the same upgrade procedure on the Backup server except choose 'Backup server' as the server type, and enter the name of the Primary server you've just upgraded.
- As a precaution, if upgrading from 12.1 or lower to 12.2 or higher, automatic deployment will be disabled (if enabled) due to the new desktop agent technology that should be installed gradually.
Deploy the new UserLock agent on all protected computers it you want to benefit from the new version features, either manually or using the automatic mode. - Don't forget to restart the application pool of the UserLock Web console 'UserLockAppPool'.
Also if you had protected the UserLock web console with the IIS agent, you will have to put it back in place.
If you want to benefit from the new version features, upgrade the agent on all your protected computers either manually or using the "Automatic mode". Do the same for IIS, NPS and SSO agents (see this page for agent-specific steps). - Your installation of UserLock has been successfully upgraded. You can now benefit from the newest features.
NB: Please note that when you update UserLock, you also need to update the software components, so you need to run the new installation package (new version) on the different servers where the different modules have been installed: IIS MFA, UserLock Anywhere, Web console.