Follow

How can I upgrade 2FA from v1.6 v2.x or v3.0 to v5.0 (Legacy)

Follow the steps below to make sure your authentication server is properly upgraded to the latest version of AuthAnvil Two Factor Auth.

Step 1 – Backup your existing data by creating a backup (bup) file.

  1. Download the new aabackup utility from here. This version builds an AuthAnvil Two Factor Auth 5.0 compatible backup.
  2. Open a command window on the AuthAnvil server and navigate to the directory where you would like to save your backup file (i.e. cd D:\AuthAnvilBackups). 
    Note: The upgrade will delete and overwrite files in the C:\Program Files\Scorpion Software\AuthAnvil directory so be certain that your backup is not saved there.
  3. To run the backup, run the command aabackup.exe followed by the SQL instance name. 
    i.e. aabackup.exe SBS2008\AUTHANVIL 
  4. Your bup file is created and saved in the same directory. If the backup is successful, the tool will complete silently. If you receive an error, confirm the SQL instance name, and that your user account has privileges to access the database and run the backup again.
  5. Confirm that your file is valid by ensuring that it is well-formed XML.
     
    Remember to move this file to a safe location as it stores sensitive data from your server database. When the upgrade runs the existing AuthAnvil Password Server files and folders will be wiped and recreated.


Step 2 – Uninstall the old version of AuthAnvil Two Factor Auth

Now that all configuration data has been backed up, you can uninstall the existing product:

  1. Click Start, then Control Panel,and finally Add or Remove Programs.
  2. Click on AuthAnvil, and then Remove. Follow instructions for removal.
  3. Uninstall the AuthAnvil Database Management Tool last.

After removing the server and the database tool, you are ready to proceed with the AuthAnvil Two Factor Auth v5.0 install.


Step 3 – Install AuthAnvil Two Factor Auth Strong Authentication Server

Please refer to the v5.0 AuthAnvil Two Factor Auth Installation Guide for instructions on installing AuthAnvil Two Factor Auth.

Note for AuthAnvil 1.6 users: The authentication web service URL has changed from the old /TokenValidator/TokenValidator.asmx to the new /AuthAnvil/SAS.asmx. Be sure to use this new URL when configuring agents, and to reconfigure any agents with the new URL when the upgrade is complete.

Note for AuthAnvil 2.x and 3.x users: The authentication web service URL has changed from the old /AuthAnvilSAS/SAS.asmx to the new /AuthAnvil/SAS.asmx. Be sure to use this new URL when configuring agents. The old one is still available, however, for legacy configurations.


Step 4 – Test upgraded AuthAnvil Two Factor Auth install

With all the previous configuration settings now restored, your installation SHOULD be back and fully working.

To test that this is true for AuthAnvil Two Factor Auth, follow these steps:

  1. Using an AuthAnvil Two Factor Auth account that is a site admin, log in to the AuthAnvil Manager using your AuthAnvil Two Factor Auth credential.
  2. Click the Users tab, click a user name, then click Token Information and then Test Token. Follow the on screen instructions and ensure you can successfully authenticate that token.

Once AuthAnvil Two Factor Auth is fully tested to be working, you can turn to upgrade all your AuthAnvil Two Factor Auth agents.


Step 5 – Backup your new AuthAnvil Two Factor Auth configuration and settings

You are almost done! Actually… you are. All that is left is to back up your newly configured AuthAnvil Two Factor Auth system settings.

  • Open a command window and go to C:\Program Files\Scorpion Software\AuthAnvil\AuthAnvilTools
  • To run the backup, run the command aabackup.exe followed by the SQL instance name. 
    i.e. aabackup.exe SBS2008\AUTHANVIL 
  • Your bup file is created and saved in the same directory. If the backup is successful, the tool will complete silently. If you receive an error, confirm the SQL instance name, and that your user account has privileges to access the database and run the backup again.


Why backing up your AuthAnvil Two Factor Auth configuration data is important

Besides the traditional answer of data diligence for recovery operationsthere is a very practical reason for doing so. The original token import file that you are emailed includes token information at the time that they were programmed. Once a token has been used for a period of time, it has the potential to be "out of sync" with the server if you re-import the token information at a later date from the original file. The solution is to manually resync the token after re-import, which can be tedious if you are managing a lot of tokens and have to manually resync each one. A better solution would be to simply restore the most recent AuthAnvil Two Factor Auth BUP, which will include the most recent keys used during the last successful authentication challenge.


Automating the backup of AuthAnvil Two Factor Auth configuration data and audit logs

Using a scheduled task, you can configure your server to routinely backup the data and make it available to your normal server backup sets. We have a tool available to help you do that. For more information, check out this blog post.

At this point, the scheduled task will be creating a *.bup file in the base directory of where aabackup.exe resides. You should configure your backup software to include that folder in the nightly backup set, to ensure you properly back it up.

NOTE: A BUP file stores all Two Factor Auth configuration and audit data, and should be properly secured. You may wish to copy the aabackup.exe file to a secure location and further tighten NTFS ACLs so permissions will only allow the backup account privileges to read and access the .bup files created, along with the administrative account which needs to execute the aabackup tool. All other access should be explicitly denied.

You will also want to remember to routinely purge the .bup files out of that directory. Over time, this could fill up your hard drive, especially if you have a lot of audit log items being recorded.

 

 

Questions?

If you have any questions or need some help, we would be happy to assist. Open a case at help.scorpionsoft.com or send an email to support@scorpionsoft.com.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk