Best practices for upgrading large audit installations
When upgrading the Centrify Audit & Monitoring Service environment to a newer version, always follow this order for minimal service disruption:
- Upgrade the audit databases.
- Upgrade the audit collectors.
- Upgrade the agents.
- Upgrade remaining components (such as the consoles, PowerShell cmdlets, SDK, Audit Management server and so forth).
- Centrify recommends using the Database Maintenance Wizard to “Generate the SQL scripts” for upgrading the databases rather than letting the Database Maintenance Wizard perform an in-process upgrade.
- When performing a database upgrade by manually running the scripts, follow this order for minimal service disruption:
  - Upgrade the “Active” audit store database(s).
  - Upgrade the remaining audit store databases.
  - Upgrade the audit management database.
- Upgrading the audit databases typically requires sysadmin rights on the database server, because some of the operations performed during the database upgrade (such as marking an assembly with EXTERNAL ACCESS) require permissions that are typically assigned only to users with sysadmin rights. If the database environment is hardened and the user cannot run the upgrade scripts as a sysadmin, the user must have at least the following permissions in order to upgrade the databases:
  - User must have db_owner rights
  - User must have the EXTERNAL ACCESS ASSEMBLY rights
If the user is unsure whether they have the rights needed to run the database upgrade, we recommend that the user generate the SQL scripts for the database upgrade and hand them over to the database administrator for execution.
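One way to check these rights before running the generated scripts, as an added T-SQL example that is not part of the Centrify documentation or its upgrade scripts: it reports, for the current login, sysadmin membership, the EXTERNAL ACCESS ASSEMBLY permission, and db_owner membership in each audit database. The database names are placeholders to replace with your own; the functions used are built-in SQL Server functions.

```sql
-- Added example: pre-flight permission check for the login that will run the
-- audit database upgrade scripts. Database names below are placeholders.
SET NOCOUNT ON;

DECLARE @targets TABLE (db sysname PRIMARY KEY);
INSERT INTO @targets (db) VALUES
    (N'ActiveAuditStoreDb_PLACEHOLDER'),
    (N'AuditManagementDb_PLACEHOLDER');

-- Server-level checks: sysadmin covers everything; otherwise the login needs
-- the EXTERNAL ACCESS ASSEMBLY server permission.
DECLARE @is_sysadmin bit = ISNULL(IS_SRVROLEMEMBER(N'sysadmin'), 0);
DECLARE @ext_access  bit = ISNULL(HAS_PERMS_BY_NAME(NULL, NULL, N'EXTERNAL ACCESS ASSEMBLY'), 0);

DECLARE @results TABLE (db sysname, db_owner_ok bit NULL);
DECLARE @db sysname, @sql nvarchar(max), @owner int;

DECLARE c CURSOR LOCAL FAST_FORWARD FOR SELECT db FROM @targets;
OPEN c;
FETCH NEXT FROM c INTO @db;
WHILE @@FETCH_STATUS = 0
BEGIN
    SET @owner = NULL;
    IF DB_ID(@db) IS NOT NULL AND HAS_DBACCESS(@db) = 1
    BEGIN
        -- IS_ROLEMEMBER reports 0 for dbo, so treat dbo as owner explicitly.
        SET @sql = N'USE ' + QUOTENAME(@db) + N';
            SELECT @r = CASE WHEN IS_ROLEMEMBER(N''db_owner'') = 1
                               OR USER_NAME() = N''dbo'' THEN 1 ELSE 0 END;';
        EXEC sys.sp_executesql @sql, N'@r int OUTPUT', @r = @owner OUTPUT;
    END
    INSERT INTO @results (db, db_owner_ok) VALUES (@db, @owner);
    FETCH NEXT FROM c INTO @db;
END
CLOSE c; DEALLOCATE c;

SELECT r.db,
       SUSER_SNAME() AS login_name,
       @is_sysadmin  AS is_sysadmin,
       @ext_access   AS has_external_access_assembly,
       r.db_owner_ok,          -- NULL: database missing or not accessible
       CASE WHEN @is_sysadmin = 1 OR (@ext_access = 1 AND r.db_owner_ok = 1)
            THEN 'OK to run upgrade script'
            ELSE 'Hand script to the DBA' END AS verdict
FROM @results AS r;
```

Run it as the login that will execute the upgrade; a verdict of 'Hand script to the DBA' for any database means that login lacks the minimum rights listed above.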
The audit database upgrade scripts are idempotent, which means accidentally running them multiple times will not cause any harm.
- The database upgrade scripts sometimes log warning messages (for example, for exceeding key length). These warnings can be safely ignored. However, if any errors are received while running the database upgrade scripts, please notify Centrify support.
This information is also available in KB-32276.