I need to move from our old 2012 (not R2) server to a new one (2016).
Both have the same version of the console and both are linked to the same database. SSL-certificate for the domain is installed and everything looks ok.
The plan is to turn off the old one and then change the IP on the new one to the IP of the old one. So that mdm.ourdomain.com points to the new server.
Will this work? Am I missing something?
That sounds good here. The console and DS are simply application servers, so just install the console and start it up once you change the IP address.
Thank you.
I did a quick test earlier. (Changed the IPs) and I could send messages, profiles etc to my devices. Great.
But when I opened the intelligent hub on my ipad, I was asked to log in (they are DEP-enrolled, so the users never know the username and password).
Also, about 100 devices were stuck on the first page of the device list view. Every one of them had "last connection 1ms ago". Very weird..
So I got cold feet and changed back to the old server. I than removed and re-installed intelligent hub on my device and I was logged in again.
Not sure if I should just commit to the new server and maybe update the console / application version from 1907 to something newer and hope that solves the issues.
I guessing you had caching issues on the devices. Cookies were probably generated and the sessions were ended prematurely. Do you only have one server in this setup? Or are you using a load balancer with several?
Yes, we only have one server that acts as a console and application server. The plan is to spin up another vm once the migrations is complete, than put both behind netscaler. I can find very little information on how to set up multiple servers and load balancing. I asked support how I could do the migration and how I should set up the load balancing, but they said I had to pay for that service.
If you have any suggestion to how I should do this, that would be much appreciated.
-Vegard
Vegard,
You should be able to move to a new server without issue. As mentioned, the Console/DS/API/etc.. servers are just application servers, all of the important information is in the database. Make sure that the new server has the same access to all the resources that the old server had and all the firewall rules are in place to allow for communication. Are you using Workspace ONE Access and if so is it in SaaS or On-Prem? You need to make sure that Access and UEM on the new server can communicate using APIs, again going back to communications and firewall rules. Here are some resources that address your questions about load balancing.
Guide in product documentation for HA:
High Availability Support for Workspace ONE UEM Components
Reference Architecture on Tech Zone:
https://techzone.vmware.com/vmware-workspace-one-and-vmware-horizon-reference-architecture
Roger
The parts you want to pay attention to are cookie persistence when using a load balancer. That gives me a headache if the LB admins don't get it set right. RogerDeane beat me to posting the doc's on HA. They are useful and pretty straight forward. Since you are using an all-in-one type setup it should be fairly easy. Also not, the Device Scheduler service will only run on one server at a time, so whatever server it starts up on first will be the active one. It will attempt to load on the other and fail. That is by design as well.
Thank you so much for your help! 🙂
Since the new server will have the same IP and DNS-name as the old one, all the firewall rules will work as before. We don't use WS1 Access.
The plan is to use Netscaler as a load balancer in front of the two servers for Device Service (port 443) and AWCM (port 2001). Does that sound correct?
What do you use?
When upgrading multiple server, is there a specific procedure to follow? Or do you just turn off the services on both and do the upgrade on both at the same time?
-Vegard
So for my upgrades I follow this basic structure where stopping any writes to SQL is the priority goal during the dB update:
I do the following after each install for testing
If you use other components like an ACC, tunnel etc then you can move forth to update/check on them for needed updates. The components usually can wait a bit if you are not in a rush.
RogerDeane was my mentor back in the day, so I have been successful with my updates using this process.
Of course you may run into kinks and general strange occurrences during your install. There are also many requirements needing to be met in any upgrade. Make sure to read the release notes before starting etc. Server requirements do change on occasion. New versions of .Net etc will be needed and installed for you, etc.
Great process LukeDC! I would add one step between 5 and 6 (it is optional but has saved me a ton of time). After stopping all the services and before launching the DB installer I go to the DB server and take the DB offline, being sure to check the box to disconnect any active connections. This usually only takes a few seconds. Once that is complete, bring it back online. I'm sure there is a cleaner way to drop any active connections but this works for me. If there are any lingering connections the DB installer may take a very long time as it attempts to get locks on tables. Also note that if you are using the Dell Factory Provisioning service or the Intelligence ETL connector service you will have to stop these manually as the application installer will not stop them.
Roger
Yes, yes. I will add that in. Forgot about ETL. And dropping connections is also a great way to go.
Thansk for all the input.
I did the "switch" and almost everything seems to work great. The only problem I'm having is enrolling Android Work devices. I scan the QR code and the device gets enrolled, it shows up in the console and it downloads the apps. But It's stuck at the "Please wait while we process the enterprise EULA" and I can briefly see this message "Unable to reach console for license key".
I've searched the KB and found a couple of "resolutions", but nothing has worked so far. It's a Samsung Xcover 4 that is locked down with the launcher. Everything except the launcher gets installed and the hub will not go past the EULA process..
Any suggestions?
I installed the latest patch to the 1907 version. I was planning to upgrade to 2001, but I want to wait until everything works on the old version after the server migration.
-Vegard
Hi Vegard,
I am also planning to move servers from 2012 to 2016. Can you please share the steps/documentation to migrate the servers. We are running 1907 and will be performing a cut-over migration. We have 2 web and 2 DS servers. We will be adding another DS after the migration. I have upgraded the existing servers before but never migrated them. So looking for all the help I can get.
Thanks,
Manshu
Hi! Sounds like you probably have a load balancer involved here. If you do you can easily just set up your 2016 servers and add them to the pool(s). Then when you're satisfied they are working fine, remove the 2012 servers from the pool. Not really migrating at all. Done this a few times with success.
I've contacted support regarding the issues.
I've found two more.
AWCM services stops (Same issue on the old server).
I can't remove og change DEP-profiles.