You must run the pre-upgrade checks before you upgrade to NetWitness Platform XDR 12.1.1.0 to identify any issues that may result in upgrade failure.
To run the pre-upgrade checks, perform the following:
-
Log in to Admin console.
-
Run the following command:
nw-precheck-tool upgrade-checklistThe pre-upgrade checks verifies the following:
Upgrade Checklist
Security Client File Check - Ensures security-client-amqp.yml file is not present.
Node-0 NW Service-id Status - Ensures all the service-id is intact with all the different services in Node 0.
Broker Service Trustpeer Symlink - Ensures Broker symlink file (/etc/netwitness/ng/broker/trustpeers/) is not broken.
Node-0 NW Services Status - Checks the status of all the services in Node 0.
Yum External Repo Check - Ensures external repos are not available and not enabled.
Node-0 RPM DB Index Check - Checks if the RPM DB is corrupted or not.
Salt Master Communication - Verifies the salt communication from Node 0 to all the Nodes.
Node-0 Certificates Check - Checks if any certificates are missing, expired, or invalid issuer type.
Mongo Authentication - Validates the deploy_admin credentials fetched from security-cli-client using Mongo client.
Rabbitmq Authentication - Validates the deploy_admin credentials fetched from security-cli-client using RabbitMQ.
(Component Hosts) Node X NW Service Status - Verifies the status of services (Active or In Active) on all the Node X.
(Component Hosts) Node X Certificates Check - Checks the certificate expiry, missing, corrupted, and issuer mismatch in all categories of Node X.
Nodes CPU-Memory Info - Provides CPU and Memory details of all the nodes along with the real-time available memory.
(Admin Server) Node 0 File System Utilization - Verifies the disk partition utilization of /var/netwitness/mongo, /var/netwitness, and root on Node 0.
(Component Hosts) Node X File System Utilization - Verifies the disk partition utilization of /var/netwitness/mongo, /var/netwitness, and root for ESA Primary and Endpoint Log Hybrid services on Node X.
Mongo File (ESAPrimary) - Checks the ESA Primary node in the system or stack and verifies the permission mode of Mongo file.
Orchestration Server Normal Mode - Checks if the orchestration service is running in normal or safe mode.
(Admin Server) Node 0 Init status - Checks if there are any issues that might fail init process.
Fips Mode Check - Checks to ensure that the Fips mode is disabled (set to false) before and after upgrade.
Node-X RPM DB Index Check - Checks for the status of RPM DB on Node-X to make sure it is not corrupted.
Node-Z Yum Proxy Check - Checks for the existence of yum.conf file and availability of proxy within the file on Node -Z.
Node-X Yum Proxy Check - Checks for the existence of yum.conf file and availability of proxy within the file on Node -X.
Host Info Check Probe - Checks if the required fields of information of all the hosts in the system (Host IP, Hostname, Installed Services, and Raw Version) are available.
Node-Z Cipher Check Probe - Checks if the required ciphers are available in the location /etc/rabbitmq/rabbitmq.config on Node-0.
Node-X Cipher Check Probe - Checks if the required ciphers are available in the location /etc/rabbitmq/rabbitmq.config on all Node-X.
Node-X Hardware Version Check Probe - Checks for the hardware version of all reachable Node-X.
Node-Z Hardware Version Check Probe - Checks for the hardware version of the Admin server.
Network Checklist
- (Admin Server) Node 0 closed ports - Checks if the service ports required for NetWitness services are open and listening on Node 0.
(Component Hosts) Node X closed ports - Checks if the service ports required for NetWitness services are open and listening on Node X.
Certificate Checklist
Node 0 Service Certificates - Checks the validity of service certificates in the location /etc/pki/nw/service/ on Node-0.
Node X Service Certificates - Checks the validity of service certificates in the location /etc/pki/nw/service/ on Node-X.
Node Certificates on Node-0 - Checks the validity of node certificates in the location /etc/pki/nw/service on Node-0.
Root CA Certificates - Checks the validity of Root CA certificates in the location /etc/pki/nw/ca.