Pre Upgrade Checks

You must run the pre-upgrade checks before you upgrade to NetWitness 12.0.0.0 to identify any issues that may result in upgrade failure.

To run the pre-upgrade checks, perform the following:

  1. Log in to Admin console.

  2. Run the following command:
    nw-precheck-tool upgrade-checklist

    The pre-upgrade checks verifies the following:

  • Security Client File Check - Ensures security-client-amqp.yml file is not present.

  • Node-0 NW Service-id Status - Ensures all the service-id is intact with all the different services in Node 0.

  • Broker Service Trustpeer Symlink - Ensures Broker symlink file (/etc/netwitness/ng/broker/trustpeers/) is not broken.

  • Node-0 NW Services Status - Checks the status of all the services in Node 0.

  • Yum External Repo Check - Ensures external repos are not available and not enabled.

  • Node-0 RPM DB Index Check - Checks if the RPM DB is corrupted or not.

  • Salt Master Communication - Verifies the salt communication from Node 0 to all the Nodes.

  • Node-0 Certificates Check - Checks if any certificates are missing, expired, or invalid issuer type.

  • Mongo Authentication - Validates the deploy_admin credentials fetched from security-cli-client using Mongo client.

  • Rabbitmq Authentication - Validates the deploy_admin credentials fetched from security-cli-client using RabbitMQ.

  • (Component Hosts) Node X NW Service Status - Verifies the status of services (Active or In Active) on all the Node X.

  • (Component Hosts) Node X Certificates Check - Checks the certificate expiry, missing, corrupted, and issuer mismatch in all categories of Node X.

  • Nodes CPU-Memory Info - Provides CPU and Memory details of all the nodes along with the real-time available memory.

  • (Admin Server) Node 0 File System Utilization - Verifies the disk partition utilization of /var/netwitness/mongo, /var/netwitness, and root on Node 0.

  • (Component Hosts) Node X File System Utilization - Verifies the disk partition utilization of /var/netwitness/mongo, /var/netwitness, and root for ESA Primary and Endpoint Log Hybrid services on Node X.

  • Mongo File (ESAPrimary) - Checks the ESA Primary node in the system or stack and verifies the permission mode of Mongo file.

  • Orchestration Server Normal Mode - Checks if the orchestration service is running in normal or safe mode.

  • (Admin Server) Node 0 Init status - Checks if there are any issues that might fail init process.

  • (Admin Server) Node 0 closed ports - Checks if the service ports required for NetWitness services are open and listening on Node 0.

  • (Component Hosts) Node X closed ports - Checks if the service ports required for NetWitness services are open and listening on Node X.

  • Fips Mode Check - Checks to ensure that the Fips mode is disabled (set to false) before and after upgrade.

  • Node-X RPM DB Index Check - Checks for the status of RPM DB on Node-X to make sure it is not corrupted.

  • Node-Z Yum Proxy Check - Checks for the existence of yum.conf file and availability of proxy within the file on Node -Z.

  • Node-X Yum Proxy Check - Checks for the existence of yum.conf file and availability of proxy within the file on Node -X.

  • Host Info Check Probe - Checks if the required fields of information of all the hosts in the system (Host IP, Hostname, Installed Services, and Raw Version) are available.

  • Node-Z Cipher Check Probe - Checks if the required ciphers are available in the location /etc/rabbitmq/rabbitmq.config on Node-0.

  • Node-X Cipher Check Probe - Checks if the required ciphers are available in the location /etc/rabbitmq/rabbitmq.config on all Node-X.

Note: We recommend you to disable FIPS before upgrading and re-enable after a successful upgrade, to avoid appliance boot issues. To disable, run the following commands:
manage-stig-controls --disable-control-groups 3 --host-all
grub2-mkconfig -o /boot/grub2/grub.cfg