7 Upgrading MyID

This chapter contains important information on upgrading your MyID system. The upgrade procedure you must carry out depends on what version of MyID you are upgrading.

7.1 Before you upgrade

Note: Before you upgrade your MyID system to the current version of MyID, contact Intercede customer support quoting reference SUP-300 for advice on upgrading your particular configuration; this is essential if your system contains any customizations, or if you are upgrading from a system earlier than version 8.0.

Check section 5, Additional hardware and software requirements to make sure that your system supports the latest version of MyID, and section 6, Pre-installation configuration to make sure that your system has been configured correctly. The MyID Installation Assistant automatically checks that your system meets these requirements; alternatively, you can use the System Interrogation Tool to confirm that your system meets the requirements for the current version of MyID – see the System Interrogation Utility guide for details.

Make sure that your client workstations are correctly configured; see section 5.2, Client workstation. For example, make sure that the MyID website has not been added to the list of compatibility view sites on any of your client PCs.

MyID 10.7 introduced the requirement to have the SQL Server Full Text Search option installed on your database server.

MyID 10.7 also introduced the web service user account. If you are upgrading a MyID 10.6 or earlier system, you must create this user before you run the installation program; see section 6.1.4, Web service user account for details.

MyID 11.0 introduced the requirement for the MyID COM+ user account, the IIS user account, and the web service user account to have Log on as a service rights – if you are upgrading, you must make sure that your accounts have the correct permissions; see section 6.1, Setting up user accounts for details.

Make sure that you complete any outstanding activation jobs before upgrading your system – if you request a card, upgrade MyID, then attempt to activate the card, you may experience problems due to the different requirements for activation between versions of MyID. For more information contact customer support quoting reference SUP-182.

MyID 12.0 introduced the authentication user account. If you are upgrading a MyID 11.8 or earlier system, you must create this user before you run the installation program; see section 6.1.5, MyID Authentication account for details. If you are using SQL Authentication, you must also create an additional login to be used for the authentication database; see section 4.6.6, Configuring SQL Server for SQL Authentication.

MyID 12.6 introduced the requirement to have the Microsoft OLE DB Driver 19 for SQL Server (MSOLEDBSQL) installed – see section 4.6, Setting up the database for details. Previous versions of MyID from MyID 11.0 required Microsoft OLE DB Driver 18 for SQL Server; these versions are not compatible with each other. You must upgrade to Microsoft OLE DB Driver 19 for SQL Server before installing MyID. For more information about supported versions of the Microsoft OLE DB Driver, contact customer support quoting reference SUP-324.

MyID 12.6 also introduced the requirement to have the SqlServer PowerShell module installed on the server from which the database is installed; this is required by the MyID Installation Assistant to run database tests. See section 4.6.5, Running SIU tests against the database for details.

7.1.1 Selecting features when upgrading

In the MyID Installation Assistant, on the Select Roles and Features screen (see section 2.7, Selecting the server roles and features) make sure that the list of features you want to install is correct. The MyID Installation Assistant interrogates the registry for details of the features that are already installed, but the registry does not contain details of every feature.

You may also want to install new features that were not available in your previous version of MyID.

If you do not have a record of the features installed on a server, you can run the installation program for the already-installed version of MyID and select the Modify option. The Server Roles and Features screen lists what you have installed.

Note: The options in this installation program do not correspond exactly to the options displayed in the MyID Installation Assistant; the MyID Installation Assistant displays a list of options that has been organized to make it clear which options are optional. In addition, the Web Server option in the Modify process incorporates both the Web Server and Operator Client Web Services options in the MyID Installation Assistant; this option has been split in the MyID Installation Assistant to allow for greater flexibility when installing MyID.

See section 8.4, Modifying the installation for details of running the modify process.

7.1.2 Upgrading a split-tier system

If you are upgrading a system where the application server and web server are installed on different physical machines, you must upgrade the application server before you upgrade the web server; this allows you to upgrade the web server using the updated COM+ proxies from the application server.

7.1.3 Upgrading systems with edited appsettings.Production.json files

Important: The installation program may uninstall and reset the contents of any appsettings.Production.json files you have edited. You must back up any appsettings.Production.json files on your system and restore their settings after you have upgraded MyID.

7.1.4 Upgrading systems with custom configuration updates

If you have received an update from Intercede for your pre-MyID 12.0 system that applies custom configurations – for example CONFIG-9999.1.0 – you must contact customer support quoting reference SUP-318 to receive an updated version of this configuration update.

7.1.5 Upgrading systems with custom LDAP mappings

If the MyID system you are upgrading has custom LDAP mappings, before you upgrade you must set a configuration option to prevent the installation program from overwriting your existing settings.

To retain your custom LDAP mappings while upgrading:

From the Configuration category, select Operation Settings.
On the LDAP tab, select the following:
- Custom LDAP Mappings – set to Yes.
Click Save changes.

IKB-150 – Upgrading can reset LDAP mapping

If you are upgrading from a system earlier than MyID 10.7 that was connected to another LDAP directory type, the Custom LDAP mappings option will not be available, and configuration settings regarding attribute mapping may be reset to the Active Directory values.

Specifically, if mappings have been removed as the directory does not have an equivalent field, these will be re-added with ADS values. Existing mappings that are modified should remain unchanged, and custom additional field mappings should not be removed.

For more information on working around this issue, contact customer support, quoting reference IKB-150.

7.1.6 Upgrading systems with a web server outside the domain

If your system has been configured to use a web server outside the domain used for the rest of the MyID system, the custom configuration on the MyID application components presents some complications when upgrading. If your system meets this description, you are recommended to contact customer support quoting reference SUP-242.

7.1.7 Upgrading renewal jobs

If you are upgrading from a MyID 10.4 or earlier system, you are recommended to complete all outstanding renewal jobs before upgrading. If this is not possible, you can use the provided database scripts to cancel the existing jobs and then regenerate them.

The database scripts are provided in the MyID release in the following folder:

\Support Tools\Upgrade\Database Scripts\

To upgrade your renewal jobs:

Before upgrading, run the following script against the MyID database:

db_CountPendingCertRenewals.sql

This script informs you how many pending renewal jobs are in the MyID database.
Carry out the MyID upgrade.
After upgrading, run the following script against the MyID database:

db_RegeneratecCertRenewalJobs.sql

This script cancels the renewal jobs and regenerates them so that they can be processed.

7.1.8 Upgrading card issuance jobs

If you are upgrading from a MyID 8.0 or earlier system, you are recommended to complete all outstanding issuance jobs before upgrading.

You may find that the Collect Card workflow has the following issues with jobs that were created before you carried out the upgrade:

Issuance jobs may not appear using the default filters.
Issuance jobs will appear when removing the Allowed Issuer default filter.
Listed issuance jobs will display a blank entry for the credential profile.
Attempting to collect these jobs will present an error.

You can use the provided database script to upgrade these issuance jobs to the latest format.

The database script is provided in the MyID release in the following folder:

\Support Tools\Upgrade\Database Scripts\

To upgrade your issuance jobs:

After upgrading MyID, run the following script against the MyID database:

db_MigrateV8IssueCardJobs.sql

This script upgrades the issuance jobs so that you can collect them.

7.1.9 Upgrading systems with customized configuration files

If you have made any changes to configuration files, such as the myid.config file for the various MyID web services, you must back up these files before you start the upgrade process, and merge in the changes once you have completed the new installation.

7.1.10 Upgrading systems with multiple databases

Your MyID system may have multiple databases; for example, a separate audit database, a separate audit archive database, or a binary objects database. You configure MyID to point to the appropriate database by configuring its .udl files; you are recommended to back up the MyID .udl files in the Windows SysWOW64 folder (for 32-bit MyID before version 12.0.0) or System32 folder (for 64-bit MyID from 12.0.0 on) before you upgrade MyID.

7.1.11 Upgrading systems with custom card layout images

If you have custom images that you use for card layouts (see the Custom image fields section in the Administration Guide) you must back up these images before you upgrade, then copy them into the new upimages folder after you have completed the installation.

7.1.12 Upgrading systems that use the web server to store images

By default, MyID stores images in the database. If your system is configured to store images on the web server instead (see the Storing images on the web server section in the Operator's Guide) you must back up your upimages folder before upgrading, then copy these files into the new upimages folder after you have completed the installation.

You must then set the File Store Location option (on the Video tab of the Operation Settings workflow) to point to this new location.

Note: You cannot use the MyID Operator Client to capture images if your system is configured to store images on the web server. To view images that are stored on the web server in the MyID Operator Client, you must carry out some additional configuration; see the Displaying images stored on the web server section in the MyID Operator Client guide.

7.1.13 Authentication user

The MyID Authentication user is a new user account introduced at MyID 12.0. If you are upgrading from an earlier version, you must set up this authentication user account before you run the installation program.

See section 6.1.5, MyID Authentication account for details.

7.1.14 Authentication database

The authentication database is a new database introduced at MyID 12.0. This database is used to store authentication information, including details of audited authentication attempts. You can use this database for reporting; see the Reporting on the authentication database section in the MyID Authentication Guide for details.

If you are using SQL Authentication you must create an additional login for this database; see section 4.6.6, Configuring SQL Server for SQL Authentication for details.

7.1.15 Upgrading systems with multiple instances of the Certificate Server service

If you are upgrading from a 32-bit version of MyID to a 64-bit version of MyID, and your system uses multiple instances of the MyID Certificate Server (eCertificateSrv) service, you must back up your registry before starting the upgrade, then set up your additional service instances again after installing MyID, using the 64-bit Program Files path. See the Multiple Certificate Server Services guide (available on request from Intercede customer support).

7.1.16 Upgrading systems with customized services

If you are upgrading from a 32-bit version of MyID to a 64-bit version of MyID, and your system has customizations applied to the services through the registry, you must back up your registry before starting the upgrade, then set up your customizations again after installing MyID.

7.1.17 Upgrading systems with customized banned word lists for PINs

If you have customized the list of banned words for user PINs, whether dynamic views in the database or the static word list file, you must take a backup of your banned word lists and re-apply them after the upgrade has completed.

See the Enforcing banned words in PINs section in the Administration Guide.