5 Upgrading MyID

This chapter contains important information on upgrading your MyID system. The upgrade procedure you must carry out depends on what version of MyID you are upgrading.

5.1 Before you upgrade

Note: Before you upgrade your MyID system to the current version of MyID, contact Intercede customer support quoting reference SUP-300 for advice on upgrading your particular configuration; this is essential if your system contains any customizations, or if you are upgrading from a system earlier than version 8.0.

Check section 3, Hardware and software requirements to make sure that your system supports the latest version of MyID, and section 4, Preparing your system to make sure that your system has been configured correctly. You can use the System Interrogation Tool to confirm that your system meets the requirements for the current version of MyID – see the System Interrogation Utility guide for details.

Make sure that your client workstations are correctly configured; see section 3.3, Client workstation. For example, make sure that the MyID website has not been added to the list of compatibility view sites on any of your client PCs.

MyID 10.7 introduced the requirement to have the SQL Server Full Text Search option installed on your database server, and MyID 11.0 introduced the requirement to have the Microsoft OLE DB Driver 18 for SQL Server (MSOLEDBSQL) installed – see section 4.5, Setting up the database for details.

MyID 10.7 also introduced the web service user account. If you are upgrading a MyID 10.6 or earlier system, you must create this user before you run the installation program; see section 4.1.4, Web service user account for details.

MyID 11.0 introduced the requirement for the MyID COM+ user account, the IIS user account, and the web service user account to have Log on as a service rights – if you are upgrading, you must make sure that your accounts have the correct permissions; see section 4.1, Setting up user accounts for details.

Make sure that you complete any outstanding activation jobs before upgrading your system – if you request a card, upgrade MyID, then attempt to activate the card, you may experience problems due to the different requirements for activation between versions of MyID. For more information contact customer support quoting reference SUP-182.

MyID 12.0 introduced the authentication user account. If you are upgrading a MyID 11.8 or earlier system, you must create this user before you run the installation program; see section 4.1.5, MyID Authentication account for details. If you are using SQL Authentication, you must also create an additional login to be used for the authentication database; see the Prerequisites section in the Microsoft Azure Integration Guide.

5.1.1 Upgrading systems with custom configuration updates

If you have received an update from Intercede for your pre-MyID 12.0 system that applies custom configurations – for example CONFIG-9999.1.0 – you must contact customer support quoting reference SUP-318 to receive an updated version of this configuration update.

5.1.2 Upgrading systems with custom LDAP mappings

If the MyID system you are upgrading has custom LDAP mappings, before you upgrade you must set a configuration option to prevent the installation program from overwriting your existing settings.

To retain your custom LDAP mappings while upgrading:

From the Configuration category, select Operation Settings.
On the LDAP tab, select the following:
- Custom LDAP mappings – set to Yes.
Click Save changes.

IKB-150 – Upgrading can reset LDAP mapping

If you are upgrading from a system earlier than MyID 10.7 that was connected to another LDAP directory type, the Custom LDAP mappings option will not be available, and configuration settings regarding attribute mapping may be reset to the Active Directory values.

Specifically, if mappings have been removed as the directory does not have an equivalent field, these will be re-added with ADS values. Existing mappings that are modified should remain unchanged, and custom additional field mappings should not be removed.

For more information on working around this issue, contact customer support, quoting reference IKB-150.

5.1.3 Upgrading systems with a web server outside the domain

If your system has been configured to use a web server outside the domain used for the rest of the MyID system, the custom configuration on the MyID application components presents some complications when upgrading. If your system meets this description, you are recommended to contact customer support quoting reference SUP-242.

5.1.4 Upgrading renewal jobs

If you are upgrading from a MyID 10.4 or earlier system, you are recommended to complete all outstanding renewal jobs before upgrading. If this is not possible, you can use the provided database scripts to cancel the existing jobs and then regenerate them.

The database scripts are provided in the MyID release in the following folder:

\Support Tools\Upgrade\Database Scripts\

To upgrade your renewal jobs:

Before upgrading, run the following script against the MyID database:

db_CountPendingCertRenewals.sql

This script informs you how many pending renewal jobs are in the MyID database.
Carry out the MyID upgrade.
After upgrading, run the following script against the MyID database:

db_RegeneratecCertRenewalJobs.sql

This script cancels the renewal jobs and regenerates them so that they can be processed.

5.1.5 Upgrading card issuance jobs

If you are upgrading from a MyID 8.0 or earlier system, you are recommended to complete all outstanding issuance jobs before upgrading.

You may find that the Collect Card workflow has the following issues with jobs that were created before you carried out the upgrade:

Issuance jobs may not appear using the default filters.
Issuance jobs will appear when removing the Allowed Issuer default filter.
Listed issuance jobs will display a blank entry for the credential profile.
Attempting to collect these jobs will present an error.

You can use the provided database script to upgrade these issuance jobs to the latest format.

The database script is provided in the MyID release in the following folder:

\Support Tools\Upgrade\Database Scripts\

To upgrade your issuance jobs:

After upgrading MyID, run the following script against the MyID database:

db_MigrateV8IssueCardJobs.sql

This script upgrades the issuance jobs so that you can collect them.

5.1.6 Upgrading systems with customized configuration files

If you have made any changes to configuration files, such as the myid.config file for the various MyID web services, you must back up these files before you start the upgrade process, and merge in the changes once you have completed the new installation.

5.1.7 Upgrading systems with multiple databases

Your MyID system may have multiple databases; for example, a separate audit database, a separate audit archive database, or a binary objects database. You configure MyID to point to the appropriate database by configuring its .udl files; you are recommended to back up the MyID .udl files in the Windows SysWOW64 folder (for 32-bit MyID before version 12.0.0) or System32 folder (for 64-bit MyID from 12.0.0 on) before you upgrade MyID.

5.1.8 Upgrading systems with custom card layout images

If you have custom images that you use for card layouts (see the Custom image fields section in the Administration Guide) you must back up these images before you upgrade, then copy them into the new upimages folder after you have completed the installation.

5.1.9 Upgrading systems that use the web server to store images

By default, MyID stores images in the database. If your system is configured to store images on the web server instead (see the Storing images on the web server section in the Operator's Guide) you must back up your upimages folder before upgrading, then copy these files into the new upimages folder after you have completed the installation.

You must then set the File Store Location option (on the Video tab of the Operation Settings workflow) to point to this new location.

Note: You cannot use the MyID Operator Client to capture images if your system is configured to store images on the web server. To view images that are stored on the web server in the MyID Operator Client, you must carry out some additional configuration; see the Displaying images stored on the web server section in the MyID Operator Client guide.

5.1.10 Authentication user

The MyID Authentication user is a new user account introduced at MyID 12.0. If you are upgrading from an earlier version, you must set up this authentication user account before you run the installation program.

See section 4.1.5, MyID Authentication account for details.

5.1.11 Authentication database

The authentication database is a new database introduced at MyID 12.0. This database is used to store authentication information, including details of audited authentication attempts. You can use this database for reporting; see the Reporting on the authentication database section in the MyID Authentication Guide for details.

If you are using SQL Authentication (for SQL Azure) you must create an additional login for this database; see the Prerequisites section in the Microsoft Azure Integration Guide for details.

5.1.12 Upgrading systems with multiple instances of the Certificate Server service

If you are upgrading from a 32-bit version of MyID to a 64-bit version of MyID, and your system uses multiple instances of the MyID Certificate Server (eCertificateSrv) service, you must back up your registry before starting the upgrade, then set up your additional service instances again after installing MyID, using the 64-bit Program Files path. See the Multiple Certificate Server Services guide (available on request from Intercede customer support).

5.1.13 Upgrading systems with customized services

If you are upgrading from a 32-bit version of MyID to a 64-bit version of MyID, and your system has customizations applied to the services through the registry, you must back up your registry before starting the upgrade, then set up your customizations again after installing MyID.