Upgrading PolicyServer

Upgrade PolicyServer to gain access to server enhancements and new security features available in the latest product version. During the upgrade, PolicyServer services are temporarily stopped. However, there is no interruption to Endpoint Encryption device access. Existing policy configurations are maintained.

Note:

For information about fresh installs, see Installing PolicyServer.

Warning:

For security reasons, legacy Endpoint Encryption agents cannot communicate directly with a PolicyServer instance residing in a different network. For information about configuring a web proxy, see Traffic Forwarding Services for Legacy Agents.

  1. Verify that all system requirements are met.

    See PolicyServer System Requirements.

  2. Stop the services "TMEEservice" and "PolicyServerWindowsService".
  3. Run PolicyServerInstaller.exe

    The PolicyServer Installer opens.

  4. At the Product Legal Notice screen, read the license agreement and accept the terms by clicking Accept.
  5. Verify the PolicyServer version and then click Upgrade.

    Make sure to follow the correct upgrade path for PolicyServer. For more information, see Upgrade Paths.

  6. At the License Registration message, click OK to continue.
  7. At the Windows Service Logon screen, click Continue.
  8. At the Database Administrator Logon screen, provide the following in the Primary Database section:
    Option Description

    Server

    The Microsoft SQL Server host name (localhost) or IP address.

    User name

    The user name with the sysadmin role for the specified Microsoft SQL Server.

    Password

    The password for the sysadmin account.

    Note:

    For environments with multiple SQL Server instances, append the SQL instance to the end of the database host name or IP address used. Use the following syntax to specify an instance:

    <hostname_or_IP_address>\<database_instance>

    The installer verifies the database connection.

  9. At the PolicyServer Question message, do one of the following:
    • Click Yes to back up existing data

    • Click No to overwrite existing data

    Tip:

    Trend Micro recommends backing up the existing data before performing the upgrade.

  10. At the Endpoint Encryption Service screen, specify the following parameters:
    Option Description

    Port number

    Specify the port number that the PolicyServer MMC, Control Manager and Endpoint Encryption 6.0 Patch 1 agents use to communicate with PolicyServer (default: 8080).

    Note:

    In environments with legacy agents, Trend Micro recommends using port 8080 for the Admin Web Service and port 80 for the Client Web Service. The port number must be a positive integer between 1 and 65535.

    Automatically generate a new self-signed certificate

    Select this option if no certificate is available. The installer generates a certificate for encrypted communication.

    Specify an existing certificate

    Select this option to use a specific certificate. There are no limitations or requirements for specifying an existing certificate except that the certificate is correctly formatted.

  11. At the Legacy Agent Service screen, select the location that legacy Endpoint Encryption agents (version 3.1.3 and below) use to communicate with PolicyServer, then click Continue.
  12. Click Yes to install PolicyServer MMC.
    Warning:

    The PolicyServer installer can automatically install a version of PolicyServer MMC that supports the management of the product. PolicyServer 6.0 Patch 1 does not support older versions of PolicyServer MMC. Only click No if another endpoint with PolicyServer MMC 6.0 Patch 1 installed manages PolicyServer.

    The installation process begins.

  13. At the PolicyServer Installation message, click OK.
  14. Click Finished.
  15. From the PolicyServer Installer window, click Exit.