UserLock Documentation
UserLock Documentation
You are here: Upgrade

Upgrade procedure

Minor version upgrade

Concerns a new release for whenever the 3rd or 4th number increments (Ex: 9.7.0.209).

Use the following procedure for each UserLock server (first Primary then Backup).
Note: Once primary is upgraded, upgrade the backup, and after that synchronizations will fully work.

Please proceed the following prior steps to facilitate a recovery and avoid any loss of the UserLock settings if something wrong occurs during the upgrade procedure.

Backup

See the Backup help page.

Database

During the UserLock upgrade process, the database structure may also be upgraded (depending on the number of the current version and the one being installed). If your system is an MS SQL Server database, there are some additional requirements depending on the authentication mode implemented:

  • Windows authentication: the user account configured for the 'UserLock Service Impersonation' requires modification rights on the database structure (to add fields in existing tables and to create additional tables).
  • SQL authentication: the SQL account configured in the UserLock database connection string requires modification rights on the database structure (to add fields in existing tables and create additional tables).

These additional rights are only necessary during the upgrade process. You can downgrade the database rights level to its previous status once the UserLock upgrade has been completed.

Avoiding a reboot

Before upgrading, check the following points on each UserLock server to avoid a server reboot:

  • Close all MMC consoles on the server.
  • Close the UserLock administration console.
  • If you are using UserLock web applications on the server (web application, IIS MFA, UserLock Anywhere), the related application pools must be stopped during the upgrade process.
    • "UserLockAppPool" is related to the web application.
    • "UserLockMfaAppPool" is related to IIS MFA.
    • "UserLockProxyAppPool" is related to UserLock Anywhere.
    Note: these application pool names are the default ones but you may have used another names or renamed default names.
    To stop these pools, open the "Internet Services Manager" from the Administrative Tools, select "Application Pools," then select the related pools, and click "Stop". After that, do not use these applications until UserLock has been upgraded and these pool have been started again.

Upgrade process

  1. Install the new version of UserLock without uninstalling the previous one. All components will be automatically updated. After installation, the new version of UserLock will be operational. Don't forget to start the application pool of the UserLock Web console 'UserLockAppPool'.
  2. Optionally, if a new version of the agent is available and you want to benefit from the new version features, upgrade the agent on all your protected computers either manually or using the 'Automatic mode'. Do the same for IIS, NPS and SSO agents (see this page for agent-specific steps).

Major upgrade

Concerns a new release for whenever the 1st or 2nd number increments (Ex: 9.7.0.209). This type of update requires a valid maintenance contract.

Use the following procedure for each UserLock server (first Primary then Backup).
Note: Once primary is upgraded, upgrade the backup, and after that synchronizations will fully work.

Please proceed the following prior steps to facilitate a recovery and avoid any loss of the UserLock settings if something wrong occurs during the upgrade procedure.

License

Any major upgrade requires a corresponding license level. We suggest you check the license key previously registered in the UserLock server 'Properties'.

Make sure that the license key is the latest one supplied by our Sales Department and that the maintenance has not expired.

Backup

See the Backup help page.

SSO

Start the UserLock SSO service and set it to automatic.

Database

During the UserLock upgrade process, the database structure may also be upgraded (depending on the number of the current version and the one being installed). If your system is an MS SQL Server database, there are some additional requirements depending on the authentication mode implemented:

  • Windows authentication: the user account configured for the 'UserLock Service Impersonation' requires modification rights on the database structure (to add fields in existing tables and to create additional tables).
  • SQL authentication: the SQL account configured in the UserLock database connection string requires modification rights on the database structure (to add fields in existing tables and create additional tables).

These additional rights are only necessary during the upgrade process. You can downgrade the database rights level to its previous status once the UserLock upgrade has been completed.

Avoiding a reboot

Before upgrading, check the following points on each UserLock server to avoid a server reboot:

  • Close all MMC consoles on the server.
  • Close the UserLock administration console.
  • If you are using UserLock web applications on the server (web application, IIS MFA, UserLock Anywhere), the related application pools must be stopped during the upgrade process.
    • "UserLockAppPool" is related to the web application.
    • "UserLockMfaAppPool" is related to IIS MFA.
    • "UserLockProxyAppPool" is related to UserLock Anywhere.
    Note: these application pool names are the default ones but you may have used another names or renamed default names.
    To stop these pools, open the "Internet Services Manager" from the Administrative Tools, select "Application Pools," then select the related pools, and click "Stop". After that, do not use these applications until UserLock has been upgraded and these pool have been started again.

Upgrade process

The UserLock upgrade must be performed without changing the installation folder.

  1. Launch the upgrade to UserLock by executing the installation package without uninstalling the previous version. All components will be automatically updated.
  2. Once the Installation Wizard ends, click on finish. The UserLock 'Configuration Wizard' will open. Click on 'Next'.

  3. Select 'Primary Server' as role. Click on 'Next'.

  4. Select the 'Network Protected Zone' which UserLock has to monitor. Click on 'Next'.

  5. Enter an account having administrative privileges on this server, the Backup server and all computers UserLock has to protect. By default, the UserLock service will run on this server as 'NETWORK SERVICE'. The impersonation account entered here will be used when UserLock actions require more rights (agent deployment, remote actions on sessions, etc.).
    Please note:
    • This account will also be used to upgrade the UserLock database if you are using MS SQL Server with the Windows Authentication mode. It requires modification rights on the database structure (to add fields in existing tables and to create additional tables) at least during the upgrade process.
    • No modifications will be made to your Active Directory or its schema.

    Click on 'Next' once this account has been defined.

  6. The Wizard will configure all settings. Click on 'Finish' to launch the UserLock console.

  7. Check that all settings have been correctly migrated from the previous version, specifically the protected account rules and the server 'Properties' settings.
  8. Deploy the new UserLock agent on all protected computers it you want to benefit from the new version features, either manually or using the automatic mode.
  9. If you have a Backup UserLock server, perform the same upgrade procedure on the UserLock Backup server except during the step 4 where you have to choose 'Backup server' as the server type, and where you have to enter the name of the Primary server you've just upgraded.

  10. Don't forget to restart the application pool of the UserLock Web console 'UserLockAppPool'. Also if you had protected the UserLock web console with the IIS agent, you will have to put it back in place.
    If you want to benefit from the new version features, upgrade the agent on all your protected computers either manually or using the "Automatic mode". Do the same for IIS, NPS and SSO agents (see this page for agent-specific steps).
  11. Your installation of UserLock has been successfully upgraded. You can now benefit from the newest features.
    NB: Please note that when you update UserLock, you also need to update the software components, so you need to run the new installation package (new version) on the different servers where the different modules have been installed: IIS MFA, UserLock Anywhere, Web console.