Scorpion Software Corp

Upgrading your AuthAnvil installation from v1.5 to v3.x

Find out for yourself how AuthAnvil marks the new standard in reliability and performance, designed for businesses of all sizes and individuals who demand the most from their authentication experience.

Simply follow the steps below to make sure your authentication server is properly upgraded to the latest version of AuthAnvil.

Requirements

To upgrade from AuthAnvil v1.5 (or earlier) to v3.x, please ensure you download the following requirements:

• AuthAnvil Preparation Wizard
• AuthAnvil Upgrade Preparation Tool
• AuthAnvil v3 Database Installer
• AuthAnvil v3 Installer

To start the upgrade process for AuthAnvil please follow the steps below.

Step 1 – Backup your existing data by creating a backup (bup) file.

• While logged in as Administrator, double click on the AuthAnvil Upgrade Preparation Tool (AuthAnvil_UpgradePrepTool.exe) to launch the tool.
• From the tool interface, browse to a folder location where you wish to save the backup (bup) file.
• Once you have selected the target folder to save to, click on the Create Backup button. This action will create the backup (bup) file for you.
• Make note of where this file is, you will need to use it to restore you saved data .

Step 2 - Uninstall old version of AuthAnvil

Now that all configuration data has been backed up, you can uninstall the existing product. Although it is possible to have the installer remove the older files, we recommend you completely remove the product and reinstall it afterwards:

• Click Start, then Control Panel,and finally Add or Remove Programs.
• If installed, click on any AuthAnvil agents (ie: Windows Logon Agent, RADIUS Server etc) and then click Remove. Follow instructions for removal.
  NOTE: If the AuthAnvil Windows Logon Agent is installed, the system will restart as soon as the uninstall is finished. Be sure to do this when this resource will not be needed.
• After uninstalling the agents, proceed to uninstall the AuthAnvil Server
• Click on AuthAnvil, and then Remove. Follow instructions for removal.
• Uninstall the AuthAnvil Database Management Tool last.

After removing all the agents, the server and the database tool, you are ready to proceed with the AuthAnvil v3 install.

Step 3 – Identify missing system pre-requisites with the AuthAnvil Preparation Wizard

With the products now removed , you can now determine if all of the pre-requisites for AuthAnvil v3 are installed:

• Launch the AuthAnvil Preparation Wizard by double clicking the AuthAnvilPrepAnalyzer.exe.
• Click the ‘Run’ button to run the pre-requisite checks. The results will be displayed in the tool main window.
• Anything marked with a red X is a missing pre-requisite. By highlighting the failed item, you will be provided instructions on how to remediate the issue in the description window at the bottom of the wizard, which may include a link to any components you may need to download and install.
• Ensure all pre-requisites are installed or updated, and then rerun the wizard by clicking the Run button. Continue this until you receive all green checkmarks in the tool.

Once all of the pre-requisites have been installed, you are ready to install the new version of AuthAnvil.

Step 4 - Install the new Database Management Tools

With the products now removed, you can setup the database. To install the utility and import the backup file:

• Launch the AuthAnvil Database Management Tool installer by double clicking the AuthAnvil_DatabaseInstaller.exe. Follow the installation instructions.
• During the installation of the AuthAnvil Database Management Tools you will need to use the existing user account and database credentials (if used) from your previous version.
• Use the SQL Instance from your earlier installation.
• Select the SQL authentication method you normally use for SQL.
• Enable the the option Restore data from a Bup file.
• Click the Browse button and select the bup file created earlier with the AuthAnvil Upgrade Preparation Tool.
• Write down the user credentials and SQL Server instance name that is on the final screen of the dialog. They are required for installing AuthAnvil in the next stage.

Note: If you are an MSP and are planning on administrating authentication services from this server you will need to add your clients sites manually. Do not attempt to import a clients backup as this action will overwrite your existing database and become your first site in AuthAnvil! If you need support to migrate a client’s AuthAnvil server to your own hosted server, please open a case in the Customer Portal.

Step 5 - Install AuthAnvil Strong Authentication Server

Please refer to the AuthAnvil Installation Guide for detailed instructions on installing AuthAnvil.

Note to SBS 2008 Users: Please review Appendix C – Special instructions for SBS 2008 in the AuthAnvil Installation Guide for special configuration instructions.

• Launch the AuthAnvil installer by double clicking the AuthAnvil.exe file.
• After approving to the user agreement you will need to enter the user credentials and path for the SQL Server instance created during the AuthAnvil Database Setup from Step 4.
• Pick which website in IIS you want AuthAnvil to run under and the installation path. If unsure, select “Default WebSite” or the first item in the list.
  Note: For SBS 2008 you should select “SBS Web Applications” as the website to install to.
• The AuthAnvil Configuration Wizard will launch. Enter the master administrator password and click Login.
• Enter your subscription settings. This will be your username you use to log into the Customer Portal, and the subscription password that you set up at https://customer.scorpionsoft.com/subscriptionsettings.aspx. The “Friendly Name” represents a unique name that you can use to track your usage. Click Next.
• Select the option to “Modify the following Site” and select the Restored Site from the drop down.
• Change the site name to something relevant and confirm your original settings are correct.
  Note: The authentication web service URL has changed from the old /TokenValidator/TokenValidator.asmx to the new /AuthAnvilSAS/SAS.asmx. The new web service URL is at http://localhost/AuthAnvilSAS/SAS.asmx Be sure to use this new URL when configuring agents.
• Proceed through the configuration wizard by hitting Next at each step. You will not need to import any new tokens.
• When at the stage to add or edit Users, select at least one standard user and click Edit to set the Site Admin value to yes. This is required for logging into AuthAnvil Manager.
• After confirming that your settings and users are in place select the radio button to close the wizard. This will restart the AuthAnvil Licensing Manager and start AuthAnvil for you.

Step 6 - Test upgraded AuthAnvil install

With all the previous configuration settings now restored, your installation SHOULD be back and fully working.

To test that this is true for AuthAnvil, follow these steps:

• Using an AuthAnvil account that is a site admin, log in to the AuthAnvil Manager using your AuthAnvil credential.
• Click the System Test tab. When the system test is complete ensure all users, tokens and settings passed.
• Click the Users tab, click a user name, then click Manage User and then Test Token. Follow the on screen instructions and ensure you can successfully authenticate that token.

Once AuthAnvil is fully tested to be working, you can turn to upgrade all your AuthAnvil agents.

Step 7 - Backup your new AuthAnvil configuration and settings

You are almost done! Actually... you are. All that is left is to backup your newly configured AuthAnvil system settings.

• Open the AuthAnvil Database Configuration Utility located typically at Start > All Programs > Scorpion Software > AuthAnvil > AuthAnvil Database Management > AuthAnvil Database Management
• Select the Use existing Windows account option. Entering the credentials from step 4.
• Pick or enter your SQL Server instance name.
• Select your authentication method.
• Enable the Backup existing database option.
• Click the Backup button and note the confirmation message below the button as well as the location the file is saved in above the button.
• Store the file in a safe location.

Running a backup via Command line
To backup your AuthAnvil data from a command line simply do the following:

• Open a command window and go to the same directory as the AuthAnvil Database Management tool typically C:\Program Files\Scorpion Software\AuthAnvil Database Management\
• To run the backup you enter the exe's name followed by the SQL instance name.
  aabackup.exe SQLInstanceName
  
• Your bup file is created and saved in the same directory. If you receive an error, run the backup through the Start menu wizard and confirm the SQL instance name.

Why backing up your AuthAnvil configuration data is important

Besides the traditional answer of data diligence for recovery operations, there is a very practical reason for doing so. The original token import file that you are emailed includes token information at the time that they were programmed. Once a token has been used for a period of time it has the potential to be "out of sync" with the server if you re-import the token information at a later date for the original file. The solution is to manually resync the token after re-import, which can be tedious if you are managing a lot of tokens and have to manually resync each one. A better solution would be to simply restore the most recent AuthAnvil BUP, which will include the most recent keys used during the last successful authentication challenge.

Automating the backup of AuthAnvil configuration data and audit logs

Using a tasked schedule, you can configure it to routinely backup the data and make it available to your normal server backup sets. Below is a step by step guide on how to do that:

Step 1 - Create a new Scheduled Task

Open the Scheduled Task folder in Control Panel and select "Add Scheduled Task".

Step 2 - Browse for aabackup.exe

When asked which program to run select "Browse" and browse to aabackup.exe, which is normally stored in the C:\Program Files\Scorpion Software\AuthAnvil Database Management folder.

Step 3 - Configure Schedule

You will need to decide when you want to schedule the task. It is recommended you backup daily or weekly to ensure synchronization data and audit logs are securely stowed away on a regular basis. You might also want to give the task a more friendly name, such as "AuthAnvil Backup".

Once you schedule the frequency and hit next, you will be asked what time of day you want to start the task. It only takes a few moments to run, but should be done at the end of the day, or just before your daily server backup is done to tape or harddisk.

Step 4 - Select the account with privileges to execute the backup

Select the account you would like to use to run the backup. This should be an account with enough pivileges to access and read the AuthAnvil data on the SQL Server.

Step 5 - Select to Save and Open Advanced properties

Although normally a scheduled task is now complete, we need to make a slight change to the task. To do so, check the box that says "Open advanced properties for this task when I click Finish".

Step 6 - Update the run line to target your SQL Server

The AuthAnvil Backup Agent takes as a parameter the SQL instance name where the AuthAnvil database resides.

ie: aabackup.exe SOMESQLSERVER\SQLEXPRESS.

If you are targeting a standard SQL Server (not express), and are not sure what the instance name is, ask your database administrator. Usually it is just the server name. But you need to confirm with your DB admin.

Below is a screenshot of it configured to our main office's SQL 2008 server. Notice the SQL-HQ appended to the end.

Once you have made this change in the run field, make sure you hit "Apply". You will be prompted to re-enter the credentials.

Step 7 - Configure your backup software to backup the AuthAnvil BUP

At this point, the scheduled task will be creating a *.bup file in the base directory of where aabackup.exe resides. You should configure your backup software to include that folder in the nightly backup set, to ensure you properly back it up.

NOTE: A BUP file stores all AuthAnvil configuration and audit data, and should be properly secured. You may wish to copy the aabackup.exe file to a secure location and further tighten NTFS ACLs so permissions will only allow the backup account privileges to read and access the .bup files created, along with the administrative account which needs to execute the aabackup tool. All other access should be explicitly denied.

You will also want to remember to routinely purge the .bup files out of that directory. Over time, this could fill up your harddrive, especially if you have a lot of audit log items being recorded.

Need help?

If you have any problems during your upgrade process, please open a new support case in the Customer Portal. We would be happy to help.

Appendix A – Trouble Shooting

During migration between v1.5 and v3 there are a few things that may occur, especially on older system. These include:

• IIS may not restart. In IIS6, removal and reinsertion in the same session may cause IIS to NOT restart on completion. Simply check that the WebSites are running in the IIS Configuration Manager. If unsure, simply run iisreset from the command line.
• The Web.Config files may not have properly set the database connection string. Depending how the files were locked during install, it may be that the installer did not properly configure the files. Included in the Tools directory of the base install (typically %PROGRAMFILES\Scorpion Software\AuthAnvil\Tools) is an application called AAWebConfigEditor.exe. Run it, making sure that the primary and secondary SAS URLs match what you need, and that the Database source (where you see “Server=”) points to the correct location.
• The AuthAnvil Licensing Manager password is not correct. Verify that you have entered that correctly. Look in the AuthAnvil eventlog, searching for a line that says “Successfully sent licensing report.”. If you don’t see that, check that you entered the correct information in the AuthAnvil Configuration Wizard.