This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Community Blog
Subscribe to the official NetWitness Community blog for information about new product features, industry insights, best practices, and more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Applying 10.6.1.1 patch on 10.6.0.0 (unofficial!)

MihoSjoquist
Employee
Employee
‎2016-12-22 01:22 PM

The Security Analytics/NetWitness Suite Patch releases can be installed on Service Packs, but not on major releases. For example, 10.6.1.1 can be installed on 10.6.1.0 but not on 10.6.0.0. This also means that the patch release upgrade packages only contain the rpms that are needed to upgrade from the nearest service packs.

If the latest patch was not applied to all appliances at the same time, you need to use a workaround to update them.

 

Preconditions

  • SA server, Log Collector, and Concentrator have been built from the 10.6.0 OVA.
  • Connection to Live Update Repository was turned off.
  • SA Server and Log Collector were upgraded to 10.6.1 by using the split zip packages (7 zip files). But the Concentrator was left as 10.6.0.0.

pastedImage_18.png

 

Case 1

The 10.6.1 upgrade package was removed from the local repo (SA UI -> Systems -> Updates -> Settings -> Manage Repository. Select and remove 10.6.1).

Now the 10.6.1.1 packages (5 zip files) were uploaded.

pastedImage_20.png

Observation 

SA Server and LC can be upgraded to 10.6.1.1. But Concentrator only sees 10.6.0.2 as a possible upgrade.

 

Workaround

1. Load 10.6.1 so that there will be both 10.6.1 and 10.6.1.1 in the local repo.

2. Log into the Concentrator console.

3. Copy the /etc/yum.repos.d/RSASoftware.repo file and create the temp.repo file under the same location. In the temp.repo file, change the last section of the baseurl with the actual release number to 10.6.1 (SA server's local repo folder.)

Example:

[temp]
baseurl=http://puppetmaster.local/rsa/updates/10.6.1/
enabled=1
gpgcheck=1
sslverify=1

4. From a command prompt, run “yum clean all”, followed by “ yum check-update”. At this point, you should be able to see the SA 10.6.1.1 rpms returned.

6. Run “yum update –y

7. After a successful upgrade, delete the temp.repo file.

 

 

Case 2

From the end of Case 1 --- After upgrading the SA server to 10.6.1.1, add a new 16.0.0.0 ESA.

 

Observation

The new ESA was provisioned successfully.
The only update option available to the ESA is 10.6.0.2 but only sees 10.6.0.2 as a possible upgrade.

pastedImage_22.png

Workaround 

The same workaround above will work for ESA.

 

This scenario came from Michael McGillick originally a couple of months ago. I thought that above information is worth sharing.

Thank you Melinda Zelenkov for reviewing this post.

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.