FAQ - Upgrade procedures

A list of questions and answers related to upgrade procedures:

Q:How do I upgrade a component that was originally installed without SSL configuration?
A: To configure SSL attributes, set the security_level parameter to force_enabled, as described in Configuring SSL attributes.
Q: How do I upgrade a component that was installed with default certificates?
Define the JKS_SSL_PASSWORD as described in Enhanced security for default certificates. For the full upgrade procedure, see Upgrading. If you are using default certificates and want to install a new component to be connected to a back-level master, see Upgrading in a mixed-version environment when using default certificates.
Q: What happens if I do not remember the password for the default certificates?
A: Before starting the upgrade, test the passwords for the certificates using the following keytool commands:
  • keytool -list -keystore TWSServerTrustFile.jks 
-storepass my_password
  • keytool -list -keystore TWSServerKeyFile.jks 
-storepass my_password
Q: The upgrade failed because the password I provided for the certificates in the JKS_SSL_PASSWORD variable is incorrect. How can I recover from this error?
A. Before restarting the upgrade, perform the following steps:
  1. Retrieve and test the password for the certificates, as described in Q: What happens if I do not remember the password for the default certificates?
  2. Restore the previous version of the ita.ini file.
  3. Restart the upgrade.
Can I install a backup master domain manager at version 10.2.1 in a back-level environment?
If you have a back-level environment, for example version 9.4, you can install a backup master domain manager at version 10.2.1, but it is recommended you check your security configuration.
Most 9.4 environments are not configured with SSL, which is enabled by default starting from version 10.1. To ensure communication between all components, perform the following steps:
  1. Install the fix for APAR IJ47731. To obtain the fix for your product version, contact Software Support.
  2. Install the backup master domain manager at version 10.2.1.
  3. Stop Open Liberty on the backup master domain manager at version 10.2.1, as described in Application server - starting and stopping.
  4. Browse to the following paths:
    on Windows operating systems
    TWS\broker\config
    on UNIX operating systems
    TWA_DATA_DIR/broker/config
  5. Set the Broker.Workstation.PortSSL property to false in the BrokerWorkstation.properties file.
  6. Start Open Liberty on the backup master domain manager at version 10.2.1, as described in Application server - starting and stopping.
  7. Run the following commands on the master domain manager at version 9.4: 
    1. optman chg cf = ALL
      This command changes the enCarryForward option so that all incomplete job streams are carried forward.
    2. JnextPlan -for 0000 -noremove
      This command extends the production plan without removing successfully completed job stream instances.
    3. optman chg cf = <original value>
      This command returns the enCarryForward option to its original value.
The new backup master domain manager can now communicate with the back-level network.

If you want to switch the new backup master domain manager to master, stop the broker on the master domain manager at version 9.4, and switch it to master domain manager.